The URL can be used to link to this page

Home My WebLink AboutP-22-299 Agreement FresWorks.pdf DocuSign Envelope ID: 72C86F78-2lF6-4FAF-826F-F5A7C67B59D3 P-22-299 Agreement Service Order Form INFORMATIONCUSTOMER Billing Contact information Shipping Contact Information Contact Name: Probation Business Office Contact Name(Shipping): Probation Business Office Organization: CoF Probation Department Organization: CoF Probation Department Email address: Email address: ProbationInvoices@fresnocountyca.gov seepatterson@fresnocountyca.gov nelcgado@fresnocountyca.gov ateasley@fresnocountyca.gov Phone: Phone: Bill-To Address: Ship-To Address: 3333 E.American Avenue, Suite B 3333 E.American Avenue,Suite B Fresno,CA 93725 Fresno,CA 93725 Subscription Term Jun 28,2022 Subscription Term Jun 27,2025 Start Date: End Date: Subscription Term: 36 Months Billing Frequency: Annual PO required on No PO Number(If Invoice: Applicable): Payment Method: Wire Transfer Payment Terms: Net 45 Applicable Tax FEIN Tax Registration ID: 94-6000512 Registration: Is Tax Exempt: Yes Product Instance ID Product Instance Domain No.of Users 239647 cofprobationdepartment.freshservice.com 9 Annual Type Item Name List Price/ Net price/ Duration Unit/Month Product Freshservice- $ 109 $ 80 12 8 $7680 Enterprise Annual Product Freshservice- $ 109 $0 12 1 0 Enterprise Annual Total Price $7680 $7680 Freshworks Inc.,2950 S.Delaware Street,Suite 201,San Mateo,CA 94403 DocuSign Envelope ID: 72C86F78-21F6-4FAF-826F-F5A7C67B59D3 P-22-299 Agreement COMMERCIAL TERMS • The Subscription Term will automatically renew for successive terms unless terminated in accordance with the Terms of this Agreement. • For any third-party offering or services purchased by a Customer(through the Freshworks Marketplace, provided directly by such third-party, or otherwise facilitated by Freshworks), shall be governed by the applicable customer agreement provided by such third-party and not the Agreement. Customer acknowledges that Freshworks is not responsible for such third party offering or services and Freshworks disclaims all liability resulting from the use of such third-party offering or services. • The continued activation of Customer's Account is based on the successful payment of the Fees. • This Service Order Form is governed by the Freshworks Terms of Service found at hops://www.freshworks.com/tenns/, unless Customer has a written Freshworks master services agreement executed between Customer and Freshworks Inc. for the Services purchased hereunder, in which case such written Freshworks master services agreement will govern (in either case, the "Agreement"). • The Freshworks Products listed above may have supplemental terms associated with their use which are available at hgps://www.freshworks.com/terms/supplemental-terms/. • By signing below,Customer represents that the signor is a duly authorized agent of Customer and hereby waives all claims to the contrary. Freshworks Inc. Customer Name Jatin shah Name Gary Cornuelle Title Authorized Signatory Title Purchasing Manager Signature Docusigned by: Signature �ar,907CCB70E843B cuSigned by: t ... u ,COC9B842C... Date Date June 16, 2022 1 5:02 PM PDT June 17, 2022 5:45 Am IST DS •freshv ks APPROVED i rmade'� Freshworks Inc.,2950 S.Delaware Street,Suite 201,San Mateo,CA 94403 P-22-299 Agreement freshworks TERMS ` Freshworks Terms of Service p1r,00t r I Fit 71' FAVORABLE TERMS SCqUT khhbL 'A" For an independent review and summary of the Freshworks Terms and Conditions of Service, see our Term Scout rating. Effective Date June 23,2022 For the prior version, please click here. BY ACCEPTING THIS AGREEMENT OR ACCESSING OR USING THE SERVICE, YOU ARE AGREEING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU ARE USING ANY SERVICE AS AN EMPLOYEE, AGENT, OR CONTRACTOR OF A CORPORATION, PARTNERSHIP OR SIMILAR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. THE RIGHTS GRANTED UNDER THIS AGREEMENT ARE EXPRESSLY CONDITIONED UPON ACCEPTANCE BY SUCH AUTHORIZED PERSONNEL. P-22-299 Agreement Modifications to this Agreement: From time to time, Freshworks may modify this Agreement. Unless otherwise specified by Freshworks, changes become effective for Customer upon renewal of the then-current Subscription Term or entry into a new Service Order Form after the updated version of this Agreement goes into effect. Freshworks will use reasonable efforts to notify Customer of the changes through communications via Customer's Account, email or other means. The "Effective Date" of this Agreement is the date which is the earlier of (a) Customer's initial access to any Service through any online provisioning, registration or order process or (b) the effective date of the first Service Order Form, as applicable, referencing this Agreement. This Agreement will govern Customer's initial purchase on the Effective Date as well as any future purchases made by Customer that reference this Agreement. These Terms of Service (the "Agreement") is entered into by and between Freshworks Inc., a Delaware corporation ("Freshworks"or "Provider") and the person or entity placing an order for or accessing the Service ("Customer" or "you"). In consideration of the terms and conditions set forth below, the parties agree as follows: 1. Provision of Service. Freshworks will make the Services and Software available to Customer pursuant to this Agreement, the Supplemental Terms (where applicable), the applicable SOF, and the Documentation, and provide such Services in accordance with this Agreement, including the Data Processing Addendum ("DPA"), Professional Services Terms, the BAA (if applicable), the Privacy Notice, and laws and government regulations applicable to Freshworks' business, during each Subscription Term. During the Subscription Term, Freshworks grants to Customer a limited, non-exclusive right to access and use the Services and Software only for its internal business purposes, for up to the number of Users included in the Service Plan or otherwise noted in the SOF, including the right to download, install and use the Mobile Apps in connection with the authorized use of the Services. 2. Responsibilities of Customer a. Customer Account. Customer may need to register for an Account in order to place orders or access or receive the Services. Customer agrees to keep its Account information current, accurate and complete so that Freshworks may send notices, statements and other information to Customer via email or through its Account, which notifications will be subject to this Agreement and the Privacy Notice. Customer will be responsible for maintaining the confidentiality of User login information and credentials for accessing the Services and will notify Freshworks promptly of any loss, misuse, or unauthorized disclosure of such login information P-22-299 Agreement and/or credentials of which Customer becomes aware. Freshworks and its Affiliates will not be liable for any damage or loss that may result from Customer's breach of the foregoing obligations. b. Use Restrictions. Customer agrees not to use the Freshworks Technology (as defined below) to: (i) process data on behalf of any third party other than Customer's Users and End Users; (ii) send unsolicited communications,junk mail, spam, or other forms of duplicative or unsolicited messages in violation of spamming or other laws; (iii) use the Service or Freshworks Technology in violation of applicable law (iv) store or transmit any content that infringes upon any third party's intellectual property rights; (v) interfere with or disrupt the integrity or performance of the Services and their components; (vi) post, transmit, upload, link to, send or store any content that is unlawful, racist, hateful, abusive, libelous, obscene, or discriminatory; (vii) post, transmit, upload, link to, send or store any viruses, malware, Trojan horses, time bombs, or any other similar harmful software; (viii) track cookies, ad exchanges, ad networks, data brokerages, or to send electronic communications (including e-mail) in violation of applicable law. In addition, Customer will not: (ix) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Freshworks Technology available to any third party other than Users and End Users, and then only in furtherance of its permitted business purposes as expressly permitted by this Agreement; (x) modify, adapt, or hack the Freshworks Technology or otherwise gain or attempt to gain unauthorized access to the Freshworks Technology, its related systems or networks; (xi) falsely imply any sponsorship or association with Freshworks; (xii) decompile, reverse engineer, disassemble, reproduce, or copy or otherwise access or discover the source code or underlying program of any portion of Freshworks Technology. 3. Customer Data a. Use of Customer Data. As between the parties, Customer and its licensors retain all right, title and interest (including any and all intellectual property rights) in and to the Customer Data and any modifications made thereto in the course of the operation of the Freshworks Technology. Subject to the terms of this Agreement, Customer hereby grants to Freshworks and its Affiliates a non-exclusive, worldwide, royalty-free right to process the Customer Data solely to the extent necessary to provide the Services, Software, Mobile Apps, and perform all related obligations owed to Customer under this Agreement, or as may be required by law. Customer is solely responsible for the accuracy, content and legality of all Customer Data. Customer warrants that Customer has and will have sufficient rights in the Customer Data to grant the P-22-299 Agreement rights to Freshworks under this Agreement. Customer agrees not to upload any Customer Data containing electronic patient health records or information ("ePHI") unless Customer has entered into a business associate agreement with Freshworks, which will govern the parties' respective obligations with respect to any ePHI uploaded by Customer to the Services, Software, or Mobile Apps ("BAA"). Upon mutual execution of a BAA, the BAA is incorporated by this reference into this Agreement and is subject to its terms. If Customer is permitted to submit ePHI data into the Service, Software or Mobile App, then Customer may submit such data to Freshworks and/or the Service only by uploading it as Customer Data. Unless a BAA is in place, Freshworks will have no liability under this Agreement for ePHI supplied by Customer or any User or End User, notwithstanding anything to the contrary in this Agreement or in HIPAA or any similar federal or state laws, rules or regulations. b. Data Security. The parties will comply with the terms of the Data Processing Addend u m("DPA") located here, which is incorporated into this Agreement by this reference, with respect to the provision and processing of Personal Data as defined in the DPA. Freshworks will use appropriate technical and organizational measures in the Services to protect the Customer Data from unauthorized access, processing, loss, or disclosure. Freshworks measures are designed to provide a level of security appropriate to the risk of processing the Customer Data within the Services. Customer understands that Freshworks and its Affiliates will process Customer Data in accordance with applicable data protection laws, this Agreement, including the DPA, and the Privacy Notice. 4. Intellectual Property a. Ownership Rights. Customer Data is Customer's Confidential Information under this Agreement. Customer and its licensors retain all right, title and interest in and to the Customer Data and all of Customer's Confidential Information provided under this Agreement, and Freshworks obtains no rights in the foregoing except for the express rights granted in this Agreement and the Privacy Notice. Freshworks and its licensors retain all right, title, and interest in and to Freshworks Technology. Customer acknowledges that the Services are offered as online, hosted solutions, and that Customer has no right to obtain a copy of the underlying computer code for any Services, except (if applicable) for any downloadable Software, in object code format. Freshworks may freely use and incorporate into Freshworks' products and services any suggestions, enhancement requests, recommendations, corrections, or other feedback provided by Customer or by any Users or End Users relating to Freshworks products or services. Feedback and any other suggestions are provided by Customer exclusively "AS IS," in Customer's sole discretion, and will not be used by Freshworks in any way that identifies or permits identification of Customer, its Affiliates, Users, or End Users. P-22-299 Agreement b. Usage Data. Usage Data includes but is not limited to query logs, and any data (other than Customer Data) relating to the operation, support, and/or about Customer's use of the Services, Software, Freshworks' websites, Freshworks' APIs, or the Freshworks marketplace ("Usage Data"). Notwithstanding anything to the contrary in this Agreement, Freshworks may collect and use Usage Data to develop, improve, support, and operate its products and services. Freshworks may share Usage Data that includes Customer's Confidential Information with third parties to the extent necessary to provide the Service and in accordance with Section 8 (Confidentiality) of this Agreement. Freshworks may also utilize Customer Data for its internal business purposes only to the extent such Customer Data has been aggregated and anonymized such that Customer and Customer's Users and End Users cannot be identified. Customer may request that Customer Data be excluded for such purposes by submitting such an email request to support@freshworks. com. c. Updates. Freshworks may update the Services and Software from time to time and Customer may receive notifications of Updates. Any Updates to the Services and Software are subject to this Agreement. Customer agrees that its purchase of the Services and Software is neither contingent upon the delivery of any future functionality or features, nor dependent upon any oral or written public comments made by Freshworks with respect to future functionality or features. d. Other Services. Freshworks or other third parties may make available (for example, through the Freshworks Marketplace currently located at https://www.freshworks.com/apps/) or other forums, third-party products or services("Third-Party Services"). These Third Party Services may integrate with the Services and are not licensed by Freshworks pursuant to this Agreement, but are governed by the third party provider's terms and conditions and privacy policies that accompany them, which Customer must separately accept. Freshworks does not warrant or support Third Party Services, unless expressly provided otherwise in an SOF. Freshworks is not responsible for any disclosure, modification or deletion of Customer Data resulting from access by such third party. The Service may contain features designed to interoperate with Third Party Services. Freshworks cannot guarantee the continued availability of such Third Party Service features, and may cease supporting them without entitling Customer to any refund, credit, or other compensation, if for example and without limitation, the Third Party Service provider ceases to make the Third Party Service available for interoperation with the corresponding Service features in a manner acceptable to Freshworks. 5. Fees and Payment a. Fees and Payment. All charges associated with Customer's Account ("Fees") are set forth in the applicable SOF or Website. For credit card payments, the payment is due immediately upon P-22-299 Agreement receipt of invoice. Customer hereby authorizes Freshworks or our authorized agents, as applicable, to bill your credit card upon subscription to the Service(s) (and any renewal thereof). For payments through other accepted methods, payment is and are due and payable in full within thirty (30) days from the invoice date or as stated in the applicable SOF. Payment obligations are non-cancelable, regardless of utilization by the Customer and except as expressly permitted in this Agreement, Fees paid are non-refundable. Customer will pay the Fees through an accepted payment method as specified in the applicable SOF or Website. Unless otherwise set forth in the SOF, Customer's subscription to the Services will renew automatically for a Subscription Term in accordance with the renewal terms and conditions set forth in Section 6(b) below. During the Term, the Customer shall not reduce their Service Plan or User count. b. Late Payments. If undisputed Fees are more than thirty (30) days overdue, then, following written notification from Freshworks, Freshworks may suspend Customer's access to the Freshworks Technology, including, without limitation, Customer's Account, until such unpaid Fees are paid in full. c. Payment Disputes. Freshworks will not exercise its rights under Section 5(b) (Late Payments), 6(d) (Termination for Cause) or Section 6(c)(i) (Suspension of Service) with respect to non-payment by Customer if Customer is disputing the applicable charges reasonably and in good faith and is cooperating diligently to resolve the dispute. If the parties are unable to resolve such a dispute within thirty (30) days, each party will have the right to seek any remedies it may have under this Agreement, at law or in equity, irrespective of any terms that would limit remedies on account of a dispute. For clarity, any undisputed amounts must be paid in full. d. Applicable Taxes. The Fees do not include any taxes, levies, duties or similar governmental assessments, including value-added, sales, use or withholding taxes assessable by any local, state, provincial or foreign jurisdiction (collectively "Taxes"). Customer agrees to pay applicable direct or indirect Taxes associated with its purchases hereunder, which, to the extent Freshworks is legally required to collect the same, will be itemized on the Freshworks invoice. If Customer has an obligation to withhold any amounts under any law or tax regime (other than U.S. income tax law), Customer will gross up the payments so that the Freshworks receives the amount actually quoted and invoiced. If Freshworks has the legal obligation to pay or collect Taxes for which Customer is responsible under this section, the appropriate amount will be invoiced and paid by the Customer, unless, prior to the invoice date, the Customer provides Freshworks with a valid tax exemption certificate authorized by the appropriate taxing authority. Additional information on how Freshworks may apply tax requirements can be found at https://www.freshworks.com/company/sales-and-service-tax-faqs/. P-22-299 Agreement e. Orders by Affiliates. Customer's Affiliates may purchase Services directly from Freshworks by executing an SOF which is governed by the terms of this Agreement. Such SOF will establish a new and separate agreement between the Customer's Affiliate and the Freshworks entity signing such SOF. If the Affiliate resides in a different country than Customer, then the SOF may include modifications to terms applicable to the transaction(s) (including but not limited to tax terms and governing law). f. Purchases from Channel Partners. Customer may procure use of any Services, Software, or Mobile Apps from a third-party authorized reseller of Freshworks, including third-party marketplaces ("Channel Partner") pursuant to a separate agreement with the Channel Partner. Customer's use of any Services, Software, or Mobile Apps procured through a Channel Partner will be subject to the terms of this Agreement, and all fees payable (including applicable taxes) for such use will be payable to the Channel Partner pursuant to the terms agreed to between Customer and Channel Partner. Customer understands and agrees that, if Customer purchased the Services, Software, or Mobile Apps subscriptions via a Channel Partner, service credits and refunds payable under this Agreement may be payable or applied by Channel Partner acting on behalf of Freshworks in proportion to the fees paid by Customer to the Channel Partner, and the discharge by the Channel Partner of such obligations will relieve Freshworks of the same under this Agreement. 6. Term, Termination and Suspension a. Term. This Agreement is effective as of the Effective Date (or, for online Customers, the date of sign up on the Website) and will continue through the then-current Subscription Term. Service Plans commence on the start date specified in the relevant SOF (or, for online Customers, the date of sign up on the Website) and continue for the Subscription Term specified therein. b. Renewal. Unless a party gives written notice of non-renewal at least sixty (60) days prior to the expiration of the relevant Subscription Term, Service Plans will automatically renew for a period equal to the previous Subscription Term. Freshworks reserves the right to increase the Fees at the beginning of each Subscription Term. Any Fees for a renewed Subscription Term are due upon the date of renewal. c. Suspension. Freshworks may suspend Customer's access to the Services, Software, Mobile Apps and/or Customer's Account, on the following grounds: (i) late payment/non-payment of undisputed Fees, per the process noted in Section 5(b) above; (ii) non-renewal of the Services by Customer; (iii) Customer's or its Users' breach of Section 2 (Use Restrictions); or (iv) in the event suspension is deemed necessary by Freshworks to prevent or address the introduction of Malicious Software (as defined in Section 9.b below), a security incident, or other harm to P-22-299 Agreement Customer, Freshworks, or Freshworks' other customers. Freshworks will notify Customer of any such suspension. Freshworks will use diligent efforts to attempt to limit, where commercially feasible, the suspension to affected Users or Freshworks Technology, and will immediately restore the availability of the same as soon as the issues leading to the suspension are resolved. Such suspension will in no way affect Customer's other obligations under this Agreement. d. Termination for Cause. Either party may terminate this Agreement by written notice to the other party in the event that (i) such other party materially breaches this Agreement and does not cure such breach within thirty (30) days of such notice, or (ii) immediately in the event the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors. e. Free Trial Customers. Upon the expiration of Customer's free trial, Freshworks may immediately suspend Customer's access to the Services. Customer must export Customer Data before the end of the free trial or Customer Data will be permanently deleted. Notwithstanding anything to the contrary in this Agreement Freshworks will have no obligation to maintain, store or otherwise retain Customer Data beyond the end of the free trial period. 7. Data Export. and Retention. Upon termination or expiration of this Agreement or any SOF for any reason, Customer's access to the Services, Software, Mobile Apps, APIs and other Freshworks Technology will terminate. Freshworks strongly recommends that Customer export all Customer Data before Customer closes Customer's Account. Freshworks will make Customer Data available for export for fourteen (14) days from the effective date of termination of the Agreement ("Data Export Period"). Where Customer Data is retained by Freshworks and can be exported, and provided that Customer is current on its payment obligations as described in Section 5, Customer may contact Freshworks within the Data Export Period to have Freshworks export Customer's Customer Data. Beyond such Data Export Period, Freshworks reserves the right to retain Customer data for up to three (3) months before deleting all Customer Data in the normal course of operation except as necessary to comply with Freshworks legal obligations, maintain accurate financial and other records, resolve disputes, and enforce its agreements. Customer Data cannot be recovered once it is deleted. Customer may contact support@freshworks.com within the Data Export Period to export Customer Data. 8. Confidentiality. Each party will protect the other's Confidential Information from unauthorized use, access, or disclosure in the same manner as it protects its own Confidential Information of similar nature or importance, and in any event, using no less than reasonable care. Except as otherwise expressly permitted pursuant to this Agreement, the receiving party may use the disclosing party's Confidential Information solely to exercise its respective rights and perform its respective obligations under this Agreement, and will disclose such Confidential Information solely to those of its respective employees, representatives and agents who have a need to P-22-299 Agreement know such Confidential Information for such purposes and who are bound by obligations to maintain the confidentiality of, and not misuse, such Confidential Information. The provisions of this section will supersede any non-disclosure agreement by and between the parties entered into prior to this Agreement that would purport to address the confidentiality of any information shared by the parties, including Customer Data, and such agreement will have no further force or effect with respect to the foregoing. If the receiving party is required by law or court order to disclose Confidential Information of the disclosing party, then the receiving party will, to the extent legally permitted, provide the disclosing party with advance written notification and cooperate in any effort to obtain confidential treatment of the Confidential Information. The receiving party acknowledges that disclosure of Confidential Information would cause substantial harm for which damages alone would not be a sufficient remedy, and therefore that upon any such disclosure by the receiving party, the disclosing party will be entitled to seek appropriate equitable relief in addition to whatever other remedies it might have at law. 9. Warranties/Disclaimer of Warranties a. Service Warranty. Freshworks warrants that the Services, Software or Mobile Apps will perform in all material respects in accordance with the Documentation. Provided that Customer provides written notice of a claim within thirty (30) days after first becoming aware of a breach of the foregoing warranty, Freshworks will use diligent efforts to correct the Services, Software, or Mobile Apps so the foregoing warranty is met, and if Freshworks is unable to make such corrections in a timely manner, either party may terminate the applicable SOF, and Customer, as its sole and exclusive remedy, will be entitled to receive a refund of any unused Fees that Customer has pre-paid for the applicable Services, Software or Mobile Apps purchased thereunder. This warranty will not apply if the error or non-conformance was caused by Customer's breach of this Agreement or Customer's or its Users' misuse of the Services, Software, and Mobile Apps, modifications to the Services, Software, and Mobile Apps by anyone other than Freshworks or its representatives, or third-party hardware, software, or services used in connection with the Services, Software, and Mobile Apps. b. Malware Warranty. Freshworks warrants that the Services hosted by Freshworks will be monitored using commercially available means to attempt to detect and prevent the introduction of any computer instructions, circuitry or other technology means whose purpose or effect is to disrupt, damage or interfere with the authorized use of, or allow access to, the computer and communications facilities or equipment of Freshworks or Customer, including, without limitation, any code containing viruses, Trojan horses, worms, backdoors, trap doors, time-out devices or similar destructive or harmful code or code that self-replicates (collectively, "Malicious Software"). P-22-299 Agreement c. Warranty Disclaimer. EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES ANY OTHER WARRANTIES, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, AND ALL SUCH WARRANTIES ARE HEREBY DISCLAIMED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. 10. Limitation of Liability a. SUBJECT TO APPLICABLE LAW AND NOTWITHSTANDING ANYTHING ELSE IN THIS AGREEMENT, IN NO EVENT WILL EITHER PARTY BE LIABLE FOR SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION DOWNTIME COSTS, LOSS OF DATA, RESTORATION COSTS, LOST PROFITS, OR COST OF COVER) REGARDLESS OF WHETHER SUCH CLAIMS ARE BASED ON CONTRACT, TORT, WARRANTY OR ANY OTHER LEGAL THEORY. b. EXCEPT FOR AN ACTION BROUGHT FOR GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD, DATA CLAIMS OR IP CLAIMS, EACH PARTY'S AGGREGATE LIABILITY AND THAT OF ITS AFFILIATES, OFFICERS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS, UNDER THIS AGREEMENT WILL NOT EXCEED THE FEES RECEIVED BY OR PAYABLE TO FRESHWORKS IN THE TWELVE MONTHS PRECEDING THE CLAIM ("THE GENERAL LIABILITY CAP"). c. IN THE CASE OF IP CLAIMS AND DATA CLAIMS, FRESHWORKS AND ITS AFFILIATES' TOTAL LIABILITY TO THE CUSTOMER AND ITS AFFILIATES FOR ALL SUCH CLAIMS IN THE AGGREGATE (FOR DAMAGES OR LIABILITY OF ANY TYPE) WILL NOT EXCEED TWO TIMES (2X) THE GENERAL LIABILITY CAP ("SUPERCAP"). d. IN NO EVENT WILL EITHER PARTY (OR ITS RESPECTIVE AFFILIATES) BE LIABLE FOR THE SAME EVENT UNDER BOTH THE GENERAL LIABILITY CAP AND THE SUPERCAP. SIMILARLY, THE FOREGOING CAPS WILL NOT BE CUMULATIVE; IF A PARTY (AND/OR ITS AFFILIATES) HAS ONE OR MORE CLAIMS SUBJECT TO EACH OF THOSE CAPS, THE MAXIMUM TOTAL LIABILITY FOR ALL CLAIMS IN THE AGGREGATE WILL NOT EXCEED THE APPLICABLE CAP. e. THE PARTIES AGREE THAT THIS SECTION 10 WILL APPLY REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE AND WILL APPLY EVEN IF ANY LIMITED REMEDY SPECIFIED IN THIS AGREEMENT IS FOUND TO HAVE FAILED OF ITS ESSENTIAL PURPOSE. THE APPLICABLE MONETARY CAPS SET FORTH IN THIS SECTION WILL APPLY ACROSS THIS AGREEMENT AND ANY AND ALL SEPARATE AGREEMENT(S) ON AN AGGREGATED P-22-299 Agreement BASIS, WITHOUT REGARD TO WHETHER ANY INDIVIDUAL CUSTOMER AFFILIATES HAVE EXECUTED A SEPARATE SOF. 11. Indemnification a. Indemnification by Freshworks. Freshworks will defend Customer and its Affiliates, from any third party claim alleging that Customer's use of the Freshworks Technology as contemplated hereunder infringes such third party's patent, copyright and/or trademark intellectual property rights (an 1P Claim"), and will indemnify and hold harmless Customer and its Affiliates from and against any damages and costs awarded against Customer or its Affiliates, or agreed in settlement by Freshworks (including reasonable attorneys' fees) resulting from such IP Claim. Freshworks will have no liability or obligation with respect to any IP Claim if such claim is caused in whole or in part by (i) unauthorized use of the Freshworks Technology by Customer, its Affiliates or Users; (ii) modification of the Freshworks Technology by anyone other than Freshworks or its representatives; or (iii) the combination, operation or use of the Freshworks Technology with other data, hardware or software not provided by Freshworks. If Customer's use of the Freshworks Technology results (or in Freshworks' opinion is likely to result) in an IP Claim, Freshworks may at its own option and expense (a) procure for Customer the right to continue using the foregoing items as set forth hereunder; (b) replace or modify them to make them non-infringing; or (c) if options (a) or (b) are not commercially reasonably as determined by Freshworks, then either Customer or Freshworks may terminate Customer's subscription to the Service, whereupon Freshworks will refund Customer, on a pro-rated basis, any Fees Customer has previously paid Freshworks for the corresponding unused portion. The sections above state Freshworks' entire liability and Customer's exclusive remedy with respect to an IP Claim. b. Indemnification by Customer. Customer will defend Freshworks and its Affiliates from any third party claim ("Claim"), and will indemnify and hold harmless Freshworks and its Affiliates from and against any damages and costs awarded against Freshworks and its Affiliates, or agreed in settlement by Customer (including reasonable attorneys' fees) resulting from such Claim, to the extent caused by: (i) Customer's or its Affiliate's unauthorized supply, disclosure, or processing of Customer Data, including Personal Data therein, or (ii) Customer's or its Affiliate's violation of laws applicable to Customer's or its Affiliate's business. c. Indemnification Procedures. In the event of a potential indemnity obligation under this Section 11, the indemnified party will: (i) promptly notify the indemnifying party in writing of the claim, (ii) allow the indemnifying party the right to control the investigation, defense and settlement (if applicable) of such claim at the indemnifying party's sole cost and expense, and (iii) upon request of the indemnifying party, provide all necessary cooperation at the indemnifying P-22-299 Agreement party's expense. Failure by the indemnified party to notify the indemnifying party of a claim under this section will not relieve the indemnifying party of its obligations under this section, however, the indemnifying party will not be liable for any litigation expenses that the indemnified party incurred prior to the time when notice is given or for any damages and/or costs resulting from any material prejudice caused by the delay or failure to provide notice to the indemnifying party in accordance with this Section. The indemnifying party may not settle any claim that would bind the indemnified party to any obligation (other than payment covered by the indemnifying party or ceasing to use infringing materials) or require any admission of fault by the indemnified party, without the indemnified party's prior written consent, such consent not to be unreasonably withheld, conditioned or delayed. Any indemnification obligation under this Section 11 will not apply if the indemnified party settles or makes any admission with respect to a claim without the indemnifying party's prior written consent. 12. Miscellaneous. a. Use of Third Parties for Payment Processing. Freshworks may use a third-party service provider to manage payment processing provided that such service provider is not permitted to store, retain, or use Customer's payment account information except to process Customer's payment information for Freshworks. Customer must notify Freshworks of any change in Customer's payment account information, either by updating Customer's Account or by e- mailing Freshworks at support@freshworks.com. b. Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party's prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety (including all SOFs), without the other party's consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Any attempted assignment in violation of this section will be null and void. c. Entire Agreement. This Agreement, together with any SOF, the Privacy Notice, and Supplemental Terms, constitutes the entire agreement and supersedes any and all prior agreements or communications between Customer and Freshworks regarding the subject matter hereof. In the event of a conflict between the Privacy Notice, the Supplemental Terms, or any SOF and this Agreement, the order of precedence will be, first, the Privacy Notice, second, the SOF, third, the Supplemental Terms, and fourth, this Agreement. If any provision in this Agreement is held by a court of competent jurisdiction to be unenforceable, such provision will be modified by the court and interpreted so as to best accomplish the original provision, and the remaining provisions of this Agreement will remain in effect. P-22-299 Agreement d. Publicity Rights. Freshworks may identify Customer as a Freshworks customer in its promotional materials. Customer may request that Freshworks stop doing so by submitting an email to legal@freshworks.com at any time. Please note that it may take us up to thirty (30) days to process a request. e. Relationship of the Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship among the parties. f. Survival. Sections 2.b (Use Restrictions), 4 (Intellectual Property), 5 (Fees and Payment), 6 (Term, Termination and Suspension), 8 (Confidentiality), 9.c (Warranty Disclaimer), 10 (Limitation of Liability), 11 (Indemnification), 12.c (Entire Agreement), 12.f (Survival), 12.g. (Notices), 12.j (Governing Law) and 12.k (Dispute Resolution) and 13 (Definitions) will survive any termination of the Agreement. Termination of this Agreement will not limit either party's liability for obligations accrued as of or prior to such termination or for any breach of this Agreement. g. Notices. All notices to be provided by one party to the other under this Agreement may be delivered in writing by (i) nationally recognized overnight delivery service or US mail to the mailing address provided on the SOF; or (ii) electronic mail to the e-mail address provided for Customer's Account. The address for a notice to Freshworks is: Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403 with a copy to legal@freshworks.com by electronic mail. All notices will be deemed to have been given immediately upon delivery by electronic mail, or if otherwise delivered upon receipt or, if earlier, five (5) business days after being deposited in the mail or with a courier as permitted above. h. Anti-Corruption. Neither party has received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from an employee or agent of the other party in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If Customer learns of any violation of the above restriction, Customer will use reasonable efforts to promptly notify Freshworks at legal@freshworks.com. i. Force Majeure. Neither party will be liable to the other for any delay or failure to perform any obligation under this Agreement if the delay or failure results from any cause beyond such party's reasonable control, including but not limited to but not limited to, acts of God, acts of government, acts of terror or civil unrest, Internet failures, or acts undertaken by third parties not under the performing party's control, including, without limitation, denial of service attacks ("Force Majeure Event"). In the event that a Force Majeure Event continues for a period of thirty (30) consecutive days, the other party may terminate this Agreement and all SOFs on written notice to the non-performing party. If Freshworks is the party experiencing the Force Majeure P-22-299 Agreement Event and as a result thereof is unable to provide the Services, Software or Mobile Apps for the period noted herein, and Customer terminates this Agreement and all SOFs, then Freshworks will provide Customer a refund of fees paid by Customer pro-rated as of the date the Force Majeure Event commenced. j. Governing Law. This Agreement is governed by the laws of the State of California without regard to conflict of laws principles. The parties hereby submit to the exclusive personal jurisdiction of the federal and state courts of the State of California, San Francisco County for any claims or dispute relating to this Agreement. k. Dispute Resolution. Any dispute, claim or controversy arising out of or relating to this Agreement or the breach, termination, enforcement, interpretation, or validity thereof, including the determination of the scope or applicability of this Agreement to arbitrate, will be determined by arbitration in San Francisco, California. The arbitration will be administered by JAMS pursuant to its arbitration rules and procedures. Judgment on the Award may be entered in any court having jurisdiction. This section will not preclude parties from seeking provisional remedies in aid of arbitration from a court of appropriate jurisdiction. I. Export Compliance and Use Restrictions. The Services and other Software or components of the Services which Freshworks may provide or make available to Customer or Users may be subject to U.S. (or other territories) export control and economic sanctions laws, rules and regulations, including without limitation the regulations promulgated by the U.S. Department of Commerce's Bureau of Industry and Security ("BIS") and the U.S. Department of the Treasury's Office of Foreign Assets Control ("OFAC") (collectively, "Export Control Laws"). Customer agrees to comply with all the Export Control Laws as they relate to access to and use of the Services, Software, and such other components by Customer and Users. Customer shall not access or use the Services if Customer is located in any jurisdiction in which the provision of the Services, Software or other components is prohibited under U.S. or other applicable laws or regulations, including, without limitation, a country or territory that is subject to comprehensive U.S. trade sanctions (including Crimea, Cuba, Iran, North Korea, and Syria) (a "Prohibited Jurisdiction") and Customer shall not provide access to the Services to any government, entity or individual located in any Prohibited Jurisdiction. Customer represents, warrants and covenants that (i) Customer is not named on, or owned or controlled by any party named on any U.S. government (or other government) list of persons or entities prohibited from receiving U.S. exports, or transacting with any U.S. person, (ii) Customer is not a national of, located in, or a company registered in, any Prohibited Jurisdiction, (iii) Customer shall not permit Users to access or use the Service in violation of any Export Control Laws, (iv) no Customer Data created or submitted by Customer is subject to any restriction on disclosure, transfer, download, export or re-export under the Export Control Laws, and (v) Customer shall comply with all applicable P-22-299 Agreement laws regarding the transmission of technical data exported from the United States and the country in which Customer and Customer's Users are located. Customer further agrees that Customer will not use the Services to disclose, transfer, download, export or re-export, directly or indirectly, any Customer Data to any country, entity or other party which is ineligible to receive such items under the Export Control Laws or under other laws or regulations to which Customer may be subject. Customer acknowledges that the Service(s) and other Software may not be available in all jurisdictions and that Customer is solely responsible for complying with the Export Control Laws. m. Federal Government End Use Restrictions. If Customer is a U.S. federal government department or agency or contracting on behalf of such department or agency, this Service is a "Commercial Item" as that term is defined at 48 C.F.R. §2.101, consisting of "Commercial Computer Software" and "Commercial Computer Software Documentation", as those terms are used in 48 C.F.R. §12.212 or 48 C.F.R. §227.7202. Consistent with 48 C.F.R. §12.212 or 48 C.F.R. §227.7202-1 through 227.7202-4, as applicable, the Service is licensed to Customer with only those rights as provided under the terms and conditions of this Agreement. 13. Definitions. "Account" means any accounts or instances created by or on behalf of Customer for access to and use of any of the Services. "Affiliate" or "Subsidiary" means, with respect to a party to this Agreement, any entity that directly or indirectly controls, is controlled by, or is under common control with such party, where "control" means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such entity, whether through the ownership of voting securities, by contract, or otherwise. "Confidential Information" means all information disclosed by one party to the other party, orally, in writing or electronically, that is designated as "confidential" (or with a similar legend), or which a reasonable person should understand to be confidential given the nature of the information and circumstances of disclosure. Confidential Information does not include any information that: (a) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (b) becomes publicly known and made generally available through no action or inaction of the receiving party; (c) is already in the possession of the receiving party at the time of disclosure by the disclosing party; (d) is obtained by the receiving party from a third party without a breach of such third party's obligations of confidentiality; (e) is independently developed by the receiving party without use of or reference to the disclosing party's Confidential Information. P-22-299 Agreement "Customer Data" means, all electronic data, text, messages or other materials, including, without limitation, Personal Data of Users and End Users, submitted to the Services by Customer or its Users through Customer's Account in connection with Customer' use of the Services. "Data Claims" means any claims arising from either (a) a party's breach of Section 3 (Customer Data), Section 8 (Confidentiality), the DPA, the BAA (if applicable), or the Privacy Notice, where such breach results in the unauthorized disclosure of Customer Data, or (b) breach of Section 2 (b) (Use Restrictions). "Data Processing Addendum" or "DPA" means, Freshworks' Data Processing Addendum currently at https://www.freshworks.com/data-processing-addendum/, as updated from time to time. "Documentation" means, the then-current, generally available user documentation provided by Freshworks detailing the functionalities of the Software and the Services. "End User" means, any person or entity other than Customer or Customer's Users with whom Customer interacts using the Services. "Freshworks Technology" means, (i) the Services, Software, Mobile Apps, Documentation, Freshworks' APIs, Freshworks' website(s) and any content published on the Freshworks' websites, (ii) any training materials, support materials, templates, tools, methodologies or know- how, NO Freshworks' Confidential Information and (iv) any modifications or derivative works of the foregoing. "Mobile App" means, the Freshworks-branded Software applications provided by Freshworks to enable access and use of the Services through mobile or other handheld devices (such as apps on iOS or Android devices). "Personal Data" means, data relating to an individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller (as defined under applicable data protection laws). "Professional Services Agreement" means, Freshworks' professional services agreement located at www.freshworks.com/terms/professional-services, as updated from time to time. "Privacy Notice" means, Freshworks' privacy notice currently at www.freshworks.com/privacy, as updated from time to time. "Service Order Form or SOF" means, (i) any service order referencing this Agreement and executed by Customer and Freshworks, or (ii) any online ordering document or process completed by Customer, including any online registration through a Website, each of which detail, the Services subscribed to and corresponding Service Plans, the number of Users P-22-299 Agreement authorized to use the Services, Fees payable to Freshworks, the applicable Subscription Term, and any relevant additional terms and conditions. This may also include any change order forms. "Services" means, the Freshworks software-based service offerings identified on the SOF and any Updates, including any Software, API or Documentation made available by Freshworks with such offering, but excludes any applications or APIs separately provided by third parties. "Service Plans" means, the pricing plans and other packaged offering limitations for and the applicable Services for which Customer subscribes with respect to any User. "Software" means the generally available software provided by Freshworks in connection with Customer's use of the Services, and includes Mobile Apps, but excludes any applications or APIs that are provided by third parties. "Subscription Term" means, the period stated on a SOF during which Customer subscribes to the Services. "Supplemental Terms" means, the Services specific terms found, which are located currently at https://www.freshworks.com/terms/Supplemental-terms/. "Update" means, the generally available updates, upgrades, hot fixes, patches, workarounds to the Software or Service provided by Freshworks to all subscribing customers, but excludes separately priced new products or modules. "User" or "Agent" means, any individual who is authorized by Customer to use the Services, including an Account administrator, employees, consultants, contractors, and agents of Customer or its Affiliates, and third parties with which Customer or its Affiliates transact business. ,, freshworks .. COMPANY v CONNECT WITH US v Copyright © Freshworks Inc. All Rights Reserved P-22-299 Agreement freshworks TERMS ` Freshworks Data Processing Addendum Effective Date October 1,2021 For the prior version, please click here. PLEASE READ THE DATA PROCESSING AGREEMENT ("DPA") CAREFULLY AS IT FORMS A CONTRACT BETWEEN THE CUSTOMER ("CUSTOMER" OR "CONTROLLER") AND FRESHWORKS ("FRESHWORKS" OR "PROCESSOR"). PROCESSOR AND CONTROLLER ARE INDIVIDUALLY REFERRED TO AS "PARTY" AND COLLECTIVELY AS "PARTIES". THE SERVICE AGREEMENT BETWEEN THE PARTIES REQUIRES THAT THE PROCESSOR ACCESSES AND PROCESSES PERSONAL DATA. THIS DPA TOGETHER WITH ITS EXHIBIT(S) SPECIFY THE OBLIGATIONS OF THE PARTIES WHEN FRESHWORKS ACTS AS A PROCESSOR BY ACCEPTING THIS DATA PROCESSING ADDENDUM OR ACCESSING OR USING THE SERVICE, YOU ARE AGREEING TO THE TERMS AND CONDITIONS OF THIS DATA PROCESSING ADDENDUM. THE CAPITALIZED TERMS USED IN THIS DPA BUT NOT DEFINED HEREIN SHALL HAVE THE SAME MEANING AS DEFINED IN THE SERVICE AGREEMENT. IN THE EVENT OF A CONFLICT BETWEEN THIS DPA AND THE SERVICE AGREEMENT, THIS DPA SHALL PREVAIL IF YOU ARE USING ANY SERVICE AS AN EMPLOYEE, AGENT, OR CONTRACTOR OF A CORPORATION, PARTNERSHIP OR SIMILAR ENTITY, THEN YOU REPRESENT AND WARRANT THAT YOU HAVE THE AUTHORITY TO SIGN FOR AND BIND SUCH ENTITY IN ORDER TO ACCEPT THE TERMS OF THIS AGREEMENT. THE RIGHTS GRANTED UNDER P-22-299 Agreement THIS AGREEMENT ARE EXPRESSLY CONDITIONED UPON ACCEPTANCE BY SUCH AUTHORIZED PERSONNEL. Modifications to this Agreement: From time to time, Freshworks may modify this Data Processing Addendum (. Unless otherwise specified by Freshworks, changes become effective for Customer upon renewal of the then-current Subscription Term or entry into a new Service Order Form after the updated version of this DPA goes into effect. Freshworks will use reasonable efforts to notify Customer of the changes through communications via Customer's Account, email or other means. The "Effective Date" of this DPA is the date which is the earlier of (a) Customer's initial access to any Service through any online provisioning, registration or order process or (b) the effective date of the first Service Order Form, as applicable, referencing this DPA. This DPA is entered into by and between Freshworks Inc., a Delaware corporation ("Freshworks"or "Processor") and the person or entity placing an order for or accessing the Service ("Customer" or "Controller"). Processor and Controller are individually referred to as "Party" and collectively as "Parties". In consideration of the terms and conditions set forth below, the parties agree as follows: 1. Scope of contract and Distribution of Responsibilities 1.1 The Parties agree that, for Processing Personal Data, the Parties shall be Controller and Processor. 1.2 Processor shall Process Personal Data only on behalf of Controller and at all times only in accordance with this Data Processing Agreement. 1.3 Within the scope of the Service Agreement, each Party shall be responsible for complying with its respective obligations as Controller and Processor under Data Protection Laws. 2. Processing Instructions 2.1 Processor will Process Personal Data in accordance with Controller's instructions. This Data Processing Agreement contains Controller's initial instructions to Processor. The Parties agree that Controller may communicate any change in its initial instructions to the Processor by way of written notification to the Processor and that Processor shall abide by such instructions. The P-22-299 Agreement Processor shall maintain a secure, complete, accurate and up to date record of all such individual instructions. 2.2 For the avoidance of doubt, any instructions that would lead to processing outside the scope of this Data Processing Agreement (e.g. because a new Processing purpose is introduced) will require a prior agreement between the Parties and, where applicable, shall be subject to the contract change procedure under the Service Agreement. 2.3 Where instructed by Controller, Processor shall correct, delete or block Personal Data. 2.4 Processor shall promptly inform the Controller in writing if, in Processor's opinion, an instruction infringes Data Protection Laws and provide an explanation of the reasons for its opinion in writing. 2.5 Processor shall not be liable for any DP Losses arising from or in connection with any processing made in accordance with Controller's instructions following Controller's receipt of any information provided by Processor in this Section 2. 3. Processor Personnel Processor will restrict its personnel from Processing Personal Data without authorization. Processor will impose appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. 4. Disclosure to Third Parties; Data Subjects Rights 4.1 Processor will not disclose Personal Data to any third party (including any government agency, court, or law enforcement) except as set forth in this Data Processing Agreement or with written consent from Controller or as necessary to comply with applicable mandatory laws. If Processor is obliged to disclose Personal Data to a law enforcement agency or third party, Processor agrees to give Controller reasonable notice of the access request prior to granting such access, to allow Controller to seek a protective order or other appropriate remedy. If such notice is legally prohibited, Processor will take reasonable measures to protect the Personal Data from undue disclosure as if it were Processor's own confidential information being requested and shall inform Controller promptly as soon as possible if and when such legal prohibition ceases to apply. 4.2 In case Controller receives any request or communication from Data Subjects which relates to the Processing of Personal Data ("Request"), Processor shall provide the Controller with full P-22-299 Agreement cooperation, information and assistance ("Assistance") in relation to any such Request where instructed by Controller. 4.3 Where Processor receives a Request, Processor shall (i) not directly respond to such Request, (ii) forward the request to Controller within 3 (three) business days of identifying the Request as being related to the Controller and (iii) provide Assistance according to further instructions from Controller. 5. Assistance 5.1 The Processor assists the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR taking into account the nature of Processing and the information available to the Processor 5.2 Where a Data Protection Impact Assessment ("DPIA") is required under applicable Data Protection Laws for the Processing of Personal Data, Processor shall provide upon request Controller with reasonable cooperation and assistance needed to fulfill Customer's obligation to carry out a DPIA related to Customer's use of the Services, to the extent that Customer does not otherwise have access to the relevant information and such information is available to Freshworks. 5.3 The Controller shall pay the Processor reasonable charges mutually agreed between the parties for providing the assistance in Section 5, to the extent that such assistance is not reasonably able to be accommodated within the normal provision of the Services. 6. Information Rights and Audit 6.1 Processor shall, in accordance with Data Protection Laws, make available to Controller on request in a timely manner such information as is necessary to demonstrate compliance by Processor with its obligations under Data Protection Laws. 6.2 Freshworks has obtained third-party certifications and audits set forth on our security page. Upon Controller's written request and subject to the confidentiality obligations set forth in the Service Agreement, Freshworks will make available to Controller a copy of Freshworks' then most recent third-party certifications or audits, as applicable. 6.3 Processor shall, upon reasonable notice, allow for and contribute to inspections of the Processor's Processing of Personal Data, as well as the TOMs (including data processing systems, policies, procedures and records), during regular business hours and with minimal interruption to Processor's business operations. Such inspections are conducted by the P-22-299 Agreement Controller, its affiliates or an independent third party on Controller's behalf (which will not be a competitor of the Processor) that is subject to reasonable confidentiality obligations. 6.4 Controller shall pay Processor reasonable costs of allowing or contributing to audits or inspections in accordance with Section 6.3 where Controller wishes to conduct more than one audit or inspection every 12 months. Processor will immediately refer to Controller any requests received from national data protection authorities that relate to the Processor's Processing of Personal Data. 6.5 Processor undertakes to cooperate with Controller in its dealings with national data protection authorities and with any audit requests received from national data protection authorities. Controller shall be entitled to disclose this Data Processing Agreement or any other documents (including contracts with subcontractors) that relate to the performance of its obligations under this Data Processing Agreement (commercial information may be removed). 7. Data Incident Management and Notification In respect of Customer data incident Processor shall: 7.1 notify Controller of a Personal Data Breach involving Processor or a subcontractor without undue delay (but in no event later than 72 hours after becoming aware of the incident); 7.2 make reasonable efforts to identify the cause of such incident and take those steps as Processor deems necessary and reasonable in order to remediate the cause of the incident to the extent that it is within Freshworks' reasonable control. 7.3 provide reasonable information, cooperation and assistance to Controller in relation to any action to be taken in response to a Personal Data Breach under Data Protection Laws, including regarding any communication of the Personal Data Breach to Data Subjects and national data protection authorities. The obligations contained in Section 7 should not apply to data incidents that are caused by Customer or Customer's users. 8. International Data Transfer 8.1 Data that Freshworks processes for the Customer as a Processor may be stored in the EU or outside of the EU depending on the Freshworks product. 8.2 Freshworks may also process certain data about Customer or its users as a data controller, including in countries outside of the EU, in accordance with Freshworks privacy notice available P-22-299 Agreement at https://www.freshworks.com/privacy 8.3 Where there is international transfer of Personal Data to the Processor in countries which do not ensure an adequate level of data protection the following applies a) The Parties enter into Standard Contractual Clauses (Exhibit 1) for the transfer of Personal Data in countries which do not ensure an adequate level of data protection in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals. The Standard Contractual Clauses will apply to Personal Data originating from Controller (who, for the purposes of the Standard Contractual Clauses shall be deemed the "Data Exporter") that is processed by Processor (who, for the purposes of the Standard Contractual Clauses shall be deemed the "Data Importer"). If there is any conflict between the Standard Contractual Clauses and this Data Processing Agreement, the Standard Contractual Clauses shall prevail. b)At Controller's request, the Standard Contractual Clauses shall be replaced and the Parties shall execute new standard contractual clauses for transfers to data processors in third countries adopted pursuant to Art. 46 (2) c) or d) GDPR. c) If and as long as the country where Personal Data is transferred to a country which is subject to an adequacy decision according Article 45 (3) GDPR, no Standard Contractual Clauses are required. Once the adequacy decision is repealed or suspended, a) and b) shall automatically apply. 9. Reference to Provisions of the Standard Contractual Clauses For the technical and organizational measures (TOMs), reference is made to and Annex II of the Standard Contractual Clauses. For sub-processing, reference is made to Annex III of the Standard Contractual Clauses. In event of objection by the Controller to the appointment or replacement of any sub processor, Processor will either not appoint or replace the sub processor or, if this is not possible, Controller may suspend or terminate the Service(s) (without prejudice to any fees incurred by Controller prior to such suspension or termination). 10. Term and Termination 10.1 This Data Processing Agreement becomes effective upon signature. It shall continue to be in full force and effect as long as Processor is processing Personal Data according to Exhibit 1 Annex I and shall cease automatically thereafter. P-22-299 Agreement 10.2 The Controller may terminate the Data Processing Agreement as well as the Service Agreement for cause, at any time upon reasonable notice or without notice, as selected by Controller, if the Processor is in material breach of the terms of this Data Processing Agreement. 10.3 Where amendments are required to ensure compliance of this Data Processing Agreements with Data Protection Laws, the Parties shall agree on such amendments upon request of Controller and, for the avoidance of doubt, with no additional costs to Controller. Where the parties are unable to agree upon such amendments, either party may terminate the Service Agreement and this Data Processing Agreement with 90 days written notice to the other party. 11. Deletion or Return of Personal Data Controller may export all Customer Data prior to the termination of the Customer's Account. In any event, following the termination of the Customer's Account and the Service Agreement, Customer Data will be retained in accordance with the Data Retention Period as defined in the Service Agreement. 12. Miscellaneous 12.1 In case of any conflict, the provisions of this Data Processing Agreement shall take precedence over the provisions of any other agreement with Processor. 12.2 The limitation of liability stated in the Service Agreement apply to the breach of the Data Processing Agreement. 12.3 No Party shall receive any remuneration for performing its obligations under this Data Processing Agreement except as explicitly set out herein or in another agreement. 12.4 Where this Data Processing Agreement requires a "written notice" such notice can also be communicated per email to the other Party. Notices shall be sent to the contact persons set out in Exhibit 1 Annex I. 12.5 Any supplementary agreements or amendments to this Data Processing Agreement must be made in writing and signed by both Parties. 12.6 Should individual provisions of this Data Processing Agreement become void, invalid or non- viable, this shall not affect the validity of the remaining conditions of this agreement. 13. Definitions "Data Protection Laws" shall mean the data protection laws of the country in which Controller is established, including the GDPR, and any data protection laws applicable to Controller in P-22-299 Agreement connection with the Service Agreement. " DP Losses" means all liabilities, including: a) costs (including legal costs); b) claims, demands, actions, settlements, charges, procedures, expenses, losses and damages (whether material or non-material, and including for emotional distress); c) to the extent permitted by applicable law: i)administrative fines, penalties, sanctions, liabilities or other remedies imposed by a data protection authority or any other relevant Regulatory Authority; ii)compensation to a Data Subject ordered by a data protection authority to be paid by Processor; iii) the costs of compliance with investigations by a data protection authority or any other relevant Regulatory Authority. "GDPR" shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data. "Personal Data" mean any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation of the European Union ("GDPR" EC- 2016/679) that is Processed by Processor as part of providing the services to Controller as described in Exhibit 1. "Service Agreement" shall mean the Terms of Service available at https://www.freshworks.com/terms/ or a master services agreement executed between the Parties. "Standard Contractual Clauses/EU Standard Contractual Clauses" the standard contractual clauses set forth in Exhibit 1 for the transfer of Personal Data from a Data Controller in the European Economic Area to Processors established in third countries in the form set out in the Annex of the Commission Implementing Decision (EU) 2021/914 of 4 June 2021, as amended by incorporating the description of the Personal Data to be transferred and the technical and organizational measures to be implemented as set out in the Appendix. "Controller", "Data Subject", "Personal Data Breach", "Processor" and "Process"/"Processing" shall have the meaning given to them in the GDPR. P-22-299 Agreement EXHIBIT 1:STANDARD CONTRACTUAL CLAUSES SECTION I Clause 1 Purpose and scope (a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country. (b) The Parties: (i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter `entity/ies') transferring the personal data, as listed in Annex LA (hereinafter each `data exporter'), and (ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex LA (hereinafter each `data importer') have agreed to these standard contractual clauses (hereinafter: `Clauses'). (c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B. (d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses. Clause 2 Effect and invariability of the Clauses (a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other P-22-299 Agreement clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects. (b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679. Clause 3 Third-party beneficiaries (a) Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer, with the following exceptions: (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7; (ii) Clause 8 - Clause 8.1(b), 8.9(a), (c), (d) and (e); NO Clause 9 - Clause 9(a), (c), (d) and (e); (iv) Clause 12 - Clause 12(a), (d) and (f); (v) Clause 13; (vi) Clause 15.1(c), (d) and (e); (vii) Clause 16(e); (viii) Clause 18 - Clause 18(a) and (b); (b) Paragraph is without prejudice to rights of data subjects under Regulation (EU) 2016/679. Clause 4 Interpretation (a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation. (b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679. (c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679. Clause 5 P-22-299 Agreement Hierarchy In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail. Clause 6 Description of the transfer(s) The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B. Clause 7 Docking clause (a) An entity that is not a Party to these Clauses may, with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. (b) Once it has completed the Appendix and signed Annex I.A, the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A. (c) The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party. SECTION II—OBLIGATIONS OF THE PARTIES Clause 8 Data protection safeguards The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses. 8.1 Instructions (a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract. P-22-299 Agreement (b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions. 8.2 Purpose limitation The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I. B, unless on further instructions from the data exporter. 8.3 Transparency On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679. 8.4 Accuracy If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data. 8.5 Duration of processing and erasure or return of data Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the P-22-299 Agreement data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a). 8.6 Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter `personal data breach'). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonym isation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonym isation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. (b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. (c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay. P-22-299 Agreement (d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer. 8.7 Sensitive data Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person's sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter `sensitive data'), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B. 8.8 Onward transfers The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in another third country, hereinafter `onward transfer') if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if: (i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer; (ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question; (iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or (iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person. Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation. 8.9 Documentation and compliance (a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses. P-22-299 Agreement (b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter. (c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter's request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non- compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer. (d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice. (e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request. Clause 9 Use of sub-processors (a) The data importer has the data exporter's general authorisation for the engagement of sub- processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub- processors at least 15 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. (b) Where the data importer engages a sub-processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses. (c) The data importer shall provide, at the data exporter's request, a copy of such a sub- processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy. P-22-299 Agreement (d) The data importer shall remain fully responsible to the data exporter for the performance of the sub-processor's obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract. (e) The data importer shall agree a third-party beneficiary clause with the sub-processor whereby- in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data. Clause 10 Data subject rights (a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter. (b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects' requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required. (c) In fulfilling its obligations under paragraphs and (b), the data importer shall comply with the instructions from the data exporter. Clause 11 Redress (a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject. (b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them. (c) Where the data subject invokes a third-party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to: P-22-299 Agreement (i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13; (ii) refer the dispute to the competent courts within the meaning of Clause 18. (d) The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679. (e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law. (f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws. Clause 12 Liability (a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses. (b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub- processor causes the data subject by breaching the third-party beneficiary rights under these Clauses. (c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data exporter or the data importer (or its sub- processor) causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable. (d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer's responsibility for the damage. (e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and P-22-299 Agreement the data subject is entitled to bring an action in court against any of these Parties. (f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage. (g) The data importer may not invoke the conduct of a sub-processor to avoid its own liability. Clause 13 Supervision (a) The supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 270) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority. (b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken. SECTION III—LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES P-22-299 Agreement Clause 14 Local laws and practices affecting compliance with the Clauses (a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses. (b) The Parties declare that in providing the warranty in paragraph , they have taken due account in particular of the following elements: (i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred; (ii) the laws and practices of the third country of destination- including those requiring the disclosure of data to public authorities or authorising access by such authorities- relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards; (iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination. (c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses. (d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request. (e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph , including following a change in the laws of the third country or a measure (such as a disclosure request) P-22-299 Agreement indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). (f) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (e) shall apply. Clause 15 Obligations of the data importer in case of access by public authorities 15A Notification (a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it: (i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or (ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer. (b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter. P-22-299 Agreement (c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.). (d) The data importer agrees to preserve the information pursuant to paragraphs to (c) for the duration of the contract and make it available to the competent supervisory authority on request. (e) Paragraphs to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses. 15.2 Review of legality and data minimisation (a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e). (b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request. (c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request. SECTION IV—FINAL PROVISIONS Clause 16 Non-compliance with the Clauses and termination P-22-299 Agreement (a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason. (b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f). (c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where: (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension; (ii) the data importer is in substantial or persistent breach of these Clauses; or (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses. In these cases, it shall inform the competent supervisory authority of such non- compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. (d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law. (e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679. Clause 17 P-22-299 Agreement Governing law These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Federal Republic of Germany. Clause 18 Choice of forum and jurisdiction (a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State. (b) The Parties agree that those shall be the courts of Berlin, Federal Republic of Germany (c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence. (d) The Parties agree to submit themselves to the jurisdiction of such courts. ANNEX 1 A.LIST OF PARTIES Data exporter: Name: The Customer, as defined in the Freshworks Terms of Service or Master Service Agreement (on behalf of itself and Permitted Affiliates) Address: The Customer's address, as set out in the Master Service Agreement or Service Order Form Contact person's name, position and contact details: The Customer's contact details, as set out in the Master Service Agreement or Service Order Form and/or as set out in the Customer's Freshworks Account Activities relevant to the data transferred under these Clauses: Processing of Personal Data in connection with Customer's use of the Freshworks Services under the Freshworks Terms of Service or Master Service Agreement. Role (controller/processor): Controller Data importer: Name: Freshworks Inc. P-22-299 Agreement Address: 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA, legal@freshworks.com (with CC to support@freshworks.com) Contact person's name, position and contact details: Marcus Toussaint, dpo@freshworks.com, c/o Freshworks GmbH, Neue GrunstraBe 17, 10179 Berlin Activities relevant to the data transferred under these Clauses: Processing on behalf of the controller (providing services) Signature and date: Role (controller/processor): processor B.DESCRIPTION OF TRANSFER You may submit Personal Data in the course of using the Services, the extent of which is determined and controlled by you in your sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects: Data exporter's end-customers Data exporter's Group employees Data exporter's merchants Categories of personal data transferred Contact data- name, date of birth, address, email, phone number, etc. Contact data- Social security number or similar Payment data- credit and debit card number, invoice data, bank account number, etc. Purchase data- purchase and payment history, etc. Device data- Internet Protocol (IP) address and geolocation data, etc. Log data - contains contact data and device data Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. Frequency of the transfer. P-22-299 Agreement The frequency of the transfer is on a continuous basis for the duration of the Service Agreement. Purpose(s) of the data transfer and further processing We will Process Personal Data as necessary to provide the Services pursuant to the Terms of Service or Master Service Agreement, as further specified in the Service Order Form, and as further instructed by you in your use of the Services. Personal Data will be retained during the term of the Agreement and in accordance with the Data Retention Period as defined in the Service Agreement. For transfers to (sub-)processors, ANNEX III LIST OF SUB-PROCESSORS applies. C.COMPETENT SUPERVISORY AUTHORITY For the purposes of the Standard Contractual Clauses, the supervisory authority that shall act as competent supervisory authority is either (i) where Customer is established in an EU Member State, the supervisory authority responsible for ensuring Customer's compliance with the GDPR; (ii) where Customer is not established in an EU Member State but falls within the extra-territorial scope of the GDPR and has appointed a representative, the supervisory authority of the EU Member State in which Customer's representative is established; or (iii) where Customer is not established in an EU Member State but falls within the extra-territorial scope of the GDPR without having to appoint a representative, the supervisory authority of the EU Member State in which the Data Subjects are predominantly located. In relation to Personal Data that is subject to the UK GDPR or Swiss DPA, the competent supervisory authority is the UK Information Commissioner or the Swiss Federal Data Protection and Information Commissioner (as applicable). ANNEX 11 TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA Processor maintains and enforces various policies, standards and processes designed to secure personal data and other data to which Processor employees are provided access, and updates such policies, standards and processes from time to time consistent with industry standards. Following is a description of some of the technical and organizational measures implemented by Processor as of the date of signature: 1. General Security Procedures P-22-299 Agreement 1.1 Processor shall be responsible for establishing and maintaining an information security program that is designed to: (i) protect the security and confidentiality of Personal Data; (ii) protect against anticipated threats or hazards to the security or integrity of the Personal Data; (iii) protect against unauthorized access to or use of the Personal Data; (iv) ensure the proper disposal of Personal Data, as further defined herein; and, (v) ensure that all employees and subcontractors of Processor, if any, comply with all of the foregoing. Processor shall designate an individual to be responsible for the information security program. Such individual shall respond to Controller inquiries regarding computer security and to be responsible for notifying Controller-designated contact(s) if a breach or an incident occurs, as further described herein. 1.2 Processor shall conduct formal privacy and security awareness training for all its employees as soon as reasonably practicable after the time of hiring and/or prior to being appointed to work on Personal Data and annually recertified thereafter. Documentation of security awareness training shall be retained by Processor, confirming that this training and subsequent annual recertification process have been completed. 1.3 Controller shall have the right to review an overview of Processor's information security program prior to the commencement of Service and annually thereafter upon Controller request. 1.4 Processor shall not transmit any unencrypted Personal Data over the internet or any unsecured network, and shall not store any Personal Data on any mobile computing device, such as a laptop computer, USB drive or portable data device, except where there is a business necessity and then only if the mobile computing device is protected by industry-standard encryption software. Processor shall encrypt Personal Data in transit into and out of the Services over public networks using industry standard protocols. 1.5 In the event of any apparent or actual theft, unauthorized use or disclosure of any Personal Data, Processor shall immediately commence all reasonable efforts to investigate and correct the causes and remediate the results thereof, and without undue delay and within 72 hours following confirmation of any such event, provide Controller notice thereof, and such further information and assistance as may be reasonably requested. Upon Controller request, remediation actions and reasonable assurance of resolution of discovered issues shall be provided to Controller. 2. Network and Communications Security 2.1 All Processor connectivity to Controller computing systems and/or networks and all attempts at same shall be only through Controller's security gateways/firewalls and only through Controller-approved security procedures. P-22-299 Agreement 2.2 Processor shall not access and will not permit unauthorized persons or entities to access Controller computing systems and/or networks without Controller's express written authorization and any such actual or attempted access shall be consistent with any such authorization. 2.3 Processor shall take appropriate measures to ensure that Processor's systems connecting to Controller's systems and anything provided to Controller through such systems does not contain any computer code, programs, mechanisms or programming devices designed to, or that would enable, the disruption, modification, deletion, damage, deactivation, disabling, harm or otherwise be an impediment, in any manner, to the operation of Controller's systems. 2.4 Processor shall maintain technical and organisational measures for data protection including: (i) firewalls and threat detections systems to identify malicious connection attempts, to block spam, viruses and unauthorized intrusion; (ii) physical networking technology designed to resist attacks by malicious users or malicious code; and (iii) encrypted data in transit over public networks using industry standard protocols. 3. Personal Data Handling Procedures 3.1 Erasure of Information and Destruction of Electronic Storage Media. All electronic storage media containing Personal Data must be wiped or degaussed for physical destruction or disposal, in a manner meeting forensic industry standards such as the NIST SP800-88 Guidelines for Media Sanitization, prior to departing Controller Work Area(s), with the exception of encrypted Personal Data residing on portable media for the express purpose of providing service to the Controller. Processor shall maintain commercially reasonable documented evidence of data erasure and destruction for infrastructure level resources. 3.2 Processor shall maintain authorization and authentication technologies and processes to ensure that only authorized persons access Personal Data, including: (i) granting access rights on the basis of the need-to-know-principle; (ii) reviewing and maintaining records of employees who have been authorized or who can grant, alter or cancel authorized access to systems; (iii) requiring personalized, individual access accounts to use passwords that meet complexity, length and duration requirements; (iv) storing passwords in a manner that makes them undecipherable if used incorrectly or recovered in isolation; (v) encrypting, logging and auditing all access sessions to systems containing Personal Data; and (vi) instructing employees on safe administration methods when computers may be unattended such as use of password protected screen savers and session time limits. 3.3 Processor shall maintain logical controls to segregate Personal Data from other data, including the data of other customers. P-22-299 Agreement 3.4 Processor shall maintain measures to provide for separate processing of data for different purposes including: (i) provisioning Controller within its own application-level security domain, which creates logical separation and isolation of security principles between customers; and (ii) isolating test or development environments from live or production environments. 4. Physical Security 4.1 Processor shall ensure that at least the following physical security requirements are met: i) All backup and archival media containing Personal Data must be contained in secure, environmentally controlled storage areas owned, operated, or contracted for by Processor. All backup and archival media containing Personal Data must be encrypted. ii) Technical and organisational measures to control access to data center premises and facilities are in place and include: (i) staffed reception desks or security officers to restrict access to identified, authorized individuals; (ii) visitor screening on arrival to verify identity; (iii) all access doors, including equipment cages, secured with automatic door locking systems with access control systems that record and retain access histories; (iv) monitoring and recording of all areas using CCTV digital camera coverage, motion detecting alarm systems and detailed surveillance and audit logs; (v) intruder alarms present on all external emergency doors with one-way internal exit doors; and (vi) segregation of shipping and receiving areas with equipment checks upon arrival. iii) Processor shall maintain measures to protect against accidental destruction or loss of Personal Data including: (i) fire detection and suppression, including a multi-zoned, dry-pipe, double-interlock, pre-action fire suppression system and a Very Early Smoke Detection and Alarm (VESDA); (ii) redundant on-site electricity generators with adequate supply of generator fuel and contracts with multiple fuel providers; (iii) heating, ventilation, and air conditioning (HVAC) systems that provide stable airflow, temperature and humidity, with minimum N+1 redundancy for all major equipment and N+2 redundancy for chillers and thermal energy storage; and (iv) physical systems used for the storage and transport of data utilizing fault tolerant designs with multiple levels of redundancy. 5 Security Testing 5.1 During the performance of Services under the Agreement, Processor shall engage, at its own expense and at least one time per year, a third party vendor ("Testing Company") to perform penetration and vulnerability testing ("Security Tests") with respect to Processor's systems containing and/or storing Personal Data. P-22-299 Agreement 5.2 The objective of such Security Tests shall be to identify design and/or functionality issues in applications or infrastructure of the Processor systems containing and/or storing Personal Data, which could expose Controller's assets to risks from malicious activities. Security Tests shall probe for weaknesses in applications, network perimeters or other infrastructure elements as well as weaknesses in process or technical countermeasures relating to the Processor systems containing and/or storing Personal Data that could be exploited by a malicious party. 5.3 Security Tests shall identify, at a minimum, the following security vulnerabilities: invalidated or un- sanitized input; broken or excessive access controls; broken authentication and session management; cross- site scripting (XSS) flaws; buffer overflows; injection flaws; improper error handling; insecure storage; common denial of service vulnerabilities; insecure or inconsistent configuration management; improper use of SSL/TLS; proper use of encryption; and anti-virus reliability and testing. 5.4 Within a reasonable period after the Security Test has been performed, Processor shall remediate the issues (if any) identified and subsequently engage, at its own expense, the Testing Company to perform a revalidation Security Test to ensure resolution of identified security issues. Results thereof shall be made available to the Controller upon request. 6. Security Audit 6.1 Processor, and all subcontracted entities (as appropriate) shall conduct at least annually an SSAE 18 (or equivalent) audit covering all systems and/or facilities utilized to provide the Service to the Controller and will furnish to Controller the results thereof promptly following Controller's written request. If, after reviewing such audit results, Controller reasonably determines that security issues exist relating to the Service, Controller will notify Processor, in writing, and Processor will promptly discuss and where commercially feasible, address the identified issues. Any remaining issues shall be documented, tracked and addressed at such time as agreed upon by both Processor and the Controller. ANNEX III LIST OF SUB-PROCESSORS The controller has authorised the use of the following sub-processors: The current list of sub processors is available at https://www.freshworks.com/privacy/sub- processor/ P-22-299 Agreement • If Customer Data are hosted in the EEA datacentre with custom mailbox, only those services are turned on by default, where the specific sub-processor has datacentres in the EEA; however, if Controller chooses to use services like third party integrations and Apps, or Custom Apps, then data is expected to leave the EEA. • Call recording for Freshdesk, Freshsales & Freshcaller is generated in the US, then routed to the EEA. • Processor intends to use the service of the Freshworks group companies as sub processor. The current list of Freshworks group companies is available at https://www.freshworks.com/privacy/sub-processor/. Need a signed copy? Please send a request to dpo@freshworks.com ,r freshworks .. COMPANY v CONNECT WITH US v Copyright © Freshworks Inc. All Rights Reserved P-22-299 Agreement 4 freshworks Professional Services Agreement Effective Date: August 21, 2021 This Professional Services Agreement ("PSA") is entered into by and between Freshworks Inc., a Delaware corporation ("Freshworks" or "Provider") and the person or entity placing an order for or accessing the Service ("Customer" or "you"). This PSA is entered into pursuant to the Terms of Service unless Customer has a written Freshworks master services agreement in which case such written Freshworks master services agreement will govern (in either case, the "Agreement"). All capitalized terms herein shall have the same definitions as set forth in the Agreement. In the event of a conflict between this PSA and the Agreement (as defined below) the terms of this PSA will control. In consideration of the terms and conditions set forth below, the parties agree as follows: 1. Scope of Services. Subject to the terms and conditions of this PSA, Freshworks will provide Customer with Professional Services (as defined below) as set forth in the applicable statements of work executed by Freshworks and Customer (each, a "Statement of Work" or "SOW"). From time to time, the parties may enter into SOWs that specify the general consulting, implementation and/or training services to be provided to Customer hereunder (the "Professional Services"). All Statements of Work shall be deemed part of and subject to this PSA. Subject to terms and conditions of this PSA and the Agreement, and during Customer's Subscription Term, Freshworks hereby provides Customer with the non-exclusive, worldwide, limited right to use any deliverables and/or training materials delivered by Freshworks to Customer as part of the Professional Services ("Deliverables") solely for Customer's internal business operations including in connection with its authorized use of the applicable Service. 2. Terms and Conditions for Training. Training Deliverables. All electronic and hard copy versions of the training Deliverables may be provided for Customer's internal training purposes only. Customer is prohibited from: (a) modifying the training Deliverables, unless otherwise authorized in writing by Freshworks or set forth in an applicable SOW; (b) reselling or P-22-299 Agreement sublicensing any training Deliverables; (c) utilizing the training Deliverables to replicate or attempt to perform the training, unless otherwise authorized in writing by Freshworks or set forth in an applicable SOW; and (d) developing or attempting to develop any of the products described in such training Deliverables. Customer may not record, stream or otherwise capture any performance or aspect of the training Professional Services. The training Deliverables are not subject to any maintenance, support or Updates. 3. Change Management Process. If Customer or Freshworks requests a change in any of the specifications, requirements, Deliverables, or scope (including drawings and designs) of the Professional Services described in any Statement of Work, the party seeking the change shall propose the applicable changes by written notice. Within five (5) business days of receipt of the written notice, each party's project leads shall meet to discuss the proposed changes. Freshworks will prepare a change order describing the proposed changes to the Statement of Work and the applicable change in Fees and expenses, if any (each, a "Change Order"). Change Orders are not binding unless and until they are executed by both parties. Executed Change Orders shall be deemed part of, and subject to, this PSA. Additional charges may apply for scope changes, change requests or delays caused by Customer. Any such changes will be set forth in a Change Order. All charges associated with scope changes, change requests, or delays will be due on receipt of the invoice by the Customer. Upon prior written approval from the Customer, all travel, meals, and living expenses for all Freshworks' personnel who travel or are supposed to travel in support of the engagement shall be billable at cost and all such expenses shall be the sole responsibility of the Customer. Customer shall be charged for any travel expenses that cannot be canceled or refunded. 4. Proprietary Rights. 4.1 Freshworks Intellectual Property Rights. All rights, title and interest in and to the Professional Services (including without limitation all intellectual property rights therein and all modifications, extensions, customizations, scripts or other derivative works of the same provided or developed by Freshworks) and anything developed or delivered by or on behalf of Freshworks under this PSA (including without limitation Deliverables and Tools as such terms are defined herein) are owned exclusively by Freshworks or its licensors. Except as provided in this PSA, the rights granted to Customer do not convey any rights in the Professional Services, express or implied, or ownership in the Professional Services or any intellectual property rights thereto. Customer grants Freshworks a royalty free, worldwide, perpetual, irrevocable, transferable right to use, modify, distribute and incorporate into the Service (without attribution of any kind) any suggestions, enhancement request, recommendations, proposals, correction or other feedback or information provided by Customer or any Users related to the operation or P-22-299 Agreement functionality of the Service. Any rights in the Professional Services or Freshworks' intellectual property not expressly granted herein by Freshworks are reserved by Freshworks. 4.2 Tools. Notwithstanding any other provision of this PSA: (i) nothing herein shall be construed to assign or transfer any intellectual property rights in the proprietary tools, libraries, know-how, techniques and expertise ("Tools") used by Freshworks to develop the Deliverables, and to the extent such Tools are delivered with or as part of the Deliverables, they are made available on the same terms as the Deliverables; and (ii) the term "Deliverables" shall not include the Tools. Tools are Freshworks Confidential Information. 5. Professional Services Warranty& Disclaimer. 5.1 Freshworks warrants that Professional Services will be provided in a professional manner consistent with industry standards. Customer must notify Freshworks of any warranty deficiencies within 30 days from performance of the deficient Professional Services. 5.2 FRESHWORKS DOES NOT WARRANT THAT THE PROFESSIONAL SERVICES WILL BE PERFORMED ERROR- FREE OR UNINTERRUPTED, THAT FRESHWORKS WILL CORRECT ALL PROFESSIONAL SERVICES ERRORS, OR THAT THE PROFESSIONAL SERVICES WILL MEET CUSTOMER'S REQUIREMENTS OR EXPECTATIONS. FRESHWORKS IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION OR SECURITY OF THE PROFESSIONAL SERVICES THAT ARISE FROM CUSTOMER DATA OR THIRD-PARTY APPLICATIONS OR PROFESSIONAL SERVICES PROVIDED BY THIRD PARTIES. FOR ANY BREACH OF THE PROFESSIONAL SERVICES WARRANTY, CUSTOMER'S EXCLUSIVE REMEDY AND FRESHWORKS' ENTIRE LIABILITY SHALL BE THE CORRECTION OF THE DEFICIENT PROFESSIONAL SERVICES THAT CAUSED THE BREACH OF WARRANTY. 5.3 TO THE EXTENT NOT PROHIBITED BY LAW, THIS WARRANTY IS EXCLUSIVE AND THERE ARE NO OTHER EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS, INCLUDING FOR SOFTWARE, HARDWARE, SYSTEMS, NETWORKS OR ENVIRONMENTS OR FOR MERCHANTABILITY, SATISFACTORY QUALITY AND FITNESS FOR A PARTICULAR PURPOSE. 6. Limitations of Liability. 6.1 IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, OR EXEMPLARY DAMAGES, OR ANY LOSS OF REVENUE, PROFITS (EXCLUDING FEES UNDER THIS PSA), SALES, DATA, DATA USE, GOODWILL, OR REPUTATION P-22-299 Agreement 6.2 IN NO EVENT SHALL THE AGGREGATE LIABILITY OF FRESHWORKS AND ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS PSA OR OR SOW, WHETHER IN CONTRACT, TORT, OR OTHERWISE, EXCEED THE TOTAL AMOUNTS ACTUALLY PAID UNDER THE APPLICABLE SOW FOR THE PROFESSIONAL SERVICES GIVING RISE TO THE LIABILITY. 7. Term and Termination. 7.1 Term. This PSA is valid for the SOF or SOW Forms (including SOWS) which reference this PSA. Each SOW shall commence on the date it is last signed, and shall expire upon completion of the project set forth in the applicable SOW, or as otherwise set forth in the applicable SOW. Once signed by both parties, a SOW shall be non- cancellable, except as otherwise explicitly stated in such SOW. 7.2. Termination. This PSA will terminate automatically when all Estimates/Order Forms and SOWS referencing this PSA are terminated or expired. In addition, in the event that Customer is a party to Agreement and Customer's right to use the Service is terminated pursuant to such Agreement, Freshworks may terminate this PSA and any SOW hereunder. Upon termination or expiration of this PSA, Customer shall have no rights to continue use of the Professional Services, Deliverables or Tools. ,, freshworks .. COMPANY v CONNECT WITH US v Copyright © Freshworks Inc. All Rights Reserved P-22-299 Agreement freshworks PRIVACY POLICIES ` Freshworks Privacy Notice Effective Date July 27, 2021 For prior version, please click here. Freshworks is committed to protecting your privacy. This Privacy Notice ("Notice") describes how Freshworks processes personal data in connection with our business, including the provision of our website at (https://www.freshworks.com/) ("Website") and our Services. This Notice explains Freshworks' approach to any Personal Data that we might collect from you, or which we have obtained about you from a third party, and the purposes for which we process your Personal Data in our capacity as a Controller (i.e. when Freshworks determines the purposes and means of the processing of personal data). It also describes your rights in respect of our processing of your Personal Data. This Notice only applies to the use of your Personal Data by us or on our behalf. It does not apply to: • Personal Data collected by third parties during your communications/dealings with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control). • Personal Data processed, stored or hosted by us when we act as a Processor on behalf of our Customers in the course of providing our Services, in which case the privacy statement of the relevant Customer will apply, and our data processing agreement with such Customer will govern our processing of your Personal Data. P-22-299 Agreement DEFINITIONS The capitalized terms used in this Notice are defined in Annex 1. QUICK LINKS We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, you can click on the relevant link below to jump to that section. 1. WHO IS THE DATA CONTROLLER? 2. WHO WE COLLECT PERSONAL DATA ABOUT? 3. WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON? 4. WITH WHOM DO WE SHARE PERSONAL DATA? 5. INTERNATIONAL TRANSFER OF DATA 6. HOW DOES FRESHWORKS KEEP PERSONAL DATA SECURE? 7. EEA, UK AND SWISS SPECIFIC RIGHTS 8. CALIFORNIA-RESIDENT SPECIFIC RIGHTS 9. BRAZILIAN GENERAL DATA PROTECTION LAW (LGPD) 10. OPTING OUT PROCEDURE 11. OTHER COMMUNICATIONS 12. RETENTION OF PERSONAL DATA 13. LINKS TO THIRD-PARTY SITES 14. GOOGLE API DISCLOSURE 15. CHILDREN'S PERSONAL DATA 16. AMENDMENTS 17. EFFECT OF MERGER OR ACQUISITION 18. CONTACTING FRESHWORKS 1. WHO IS THE DATA CONTROLLER? 1. The Website and our Services are made available by various companies in the Freshworks group of companies (each a "Group Company"). P-22-299 Agreement Where this Privacy Notice refers to "Freshworks", "we", "us, "our", this means one or more of the particular Group Companies that provide the particular Website, Mobile Application, Newsletter or Services to you, recruits you, uses testimonials from you, sends marketing communications to you, host an event you visit, or organizes a program in which you participate For the purposes of the GDPR and LGPD, the following Group Companies act as a data controller when the processing of your Personal Data is caught by the requirements of the GDPR or LGPD. Location: United States Freshworks Inc. (company no: 4861858) is a company established is a company established under the laws of Delaware with its registered office at 16192 Coastal Highway, Lewes, Delaware 19958, USA and its principal business address can be found here. Location:Germany Freshworks GmbH (company no: HRB 176669 B) is a company established under the laws of Germany and its registered office address can be found here. Location:Netherlands Freshworks Technologies B.V. (company no: 73582166) is a company established under the laws of the Netherlands and its registered office address can be found here. Location:France Freshworks SAS (company no: 842815581) is a company established under the laws of France and its registered office address can be found here. Location: United Kingdom Freshworks Technologies UK Limited (company no: 09338697) is a company established under the laws of England and Wales and its registered office address can be found here. Location:India Freshworks Technologies Private Limited (company no: U72200TN2010PTC078458) is a company established under the laws of India with its registered office at Module - 1 & 2, 1st Floor, Block B, No 40, Global Infocity Park, MGR Salai, Perungudi Chennai - 600096, Tamil Nadu, India. 2. WHO WE COLLECT PERSONAL DATA ABOUT We collect and process Personal Data about the following people: P-22-299 Agreement • Website visitors: If you browse our Website or contact us via our Website (Contact Sales) we will collect and process your Personal Data in connection with your interaction with us and our Website. • Users of our Services: If you use our Services, whether it is through our Website or our Mobile Applications, we will process your Personal Data for certain data analytics purposes and in order to offer, deliver and improve our Services. • Visitors to our Offices: If you attend our office, we may process Personal Data about you that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer Personal Data when signing in as a guest. CCTV footage may also be collected for security purposes. • Recipients of marketing communications from us: If you are a potential lead or existing customer, we may process Personal Data about you in order to send you marketing communications. • Event attendees: If you register for, attend or take part in our events, webinars or contests hosted by us we will process Personal Data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other documents relating to the event. • Personnel that work for our Customers, partners and suppliers (including subcontractors and personnel who work for us as freelancers or contractors). If you (or your organization) are: ■ ■ in receipt of services from us; ■ supply products or services to us; or ■ otherwise partner with us; we may collect and process your Personal Data in connection with our provision of those Services to you, our receipt of those Services from you and/or our partnership. This may include Personal Data included in any email or telephone communications or recorded on any document relating to an order for the Services. • Job applicants: If you apply for a job with us, whether through our Website or otherwise, we will collect and process your Personal Data in connection with your application. • Shareholders: If you are a shareholder of our Group Companies, we will process your personal data in relation to your investment and for our reporting obligations. We also make available a Market Place platform where individuals can download applications developed by Freshworks or by third parties (the "Applications"). This Notice will apply to our P-22-299 Agreement processing of your Personal Data during your use of the Applications when the Applications are provided by us, and the Application shall include a link to this Notice. When Applications are provided by a third party, the privacy statement of the relevant third party will apply. Hosted Data Some of our Services include processing of data on behalf of our Customers in relation to applications, tools or software that we provide ("Hosted Data"). Save for the limited circumstances set out in this Notice, we are not the data controller of this Hosted Data as we do not determine the purposes or the means of the processing. If you believe your Personal Data is being processed by us in this way you should refer to the privacy notice of the data controller on whose behalf we are acting. 3.WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON? WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA A) Personal Data we collect directly from you ("Collected Data") Purpose: providing you with the Services We may We process your Personal Data for use your Personal Data for the following purposes these purposes based on our legitimate when providing our Services: interests or a third party's legitimate interest to ensure we provide our • administering your account (including when Services in an effective, safe and you subscribe and sign-up to any of our efficient way. Where we process your Services), assessing the needs of your Personal Data to administer your business to suggest suitable Services and account, or to the extent necessary to respond to service requests, questions or collect your subscription fees, we do so concerns. for the purposes of our contract with • facilitating your transactions with other users you. when you use our Services. • to prevent or respond to any misuse of our Services or Applications or any violations of our Terms and any applicable laws. • collection of subscription fees. WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA The data processed includes: • contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number of the Account admin; • billing information, such as credit card number and billing address details about payments made between you and us; details of Services purchased from us; • name and e-mail address when Account admin/Agent(s) provide feedback from within the Service(s); • unique identifiers, such as username, account number or password • your feedback and survey responses; and • the content of any messaging you send us in a service request, question or concern including via email, telephone or via the Website. Purpose: Recruitment, Freshworks Careers. Where we use your Personal Data in When you apply for an open position by either connection with recruitment, it will be in populating the application form, by email or by hard connection with us taking steps at your copy and whether submitted directly by you or by a request to enter into a contract we may third-party recruitment agency on your behalf, we have with you or it is in our legitimate will use such data to evaluate you for the open interest to use personal data in such a position that you have applied for or any position way to ensure that we can make the that we consider you suitable for at the time you best recruitment decisions. We will not submit your resume or at any later date. For the process any special (or sensitive) purposes of evaluating you for an open position, you categories of Personal Data or understand that we may internally rate you based on Personal Data relating to criminal parts of your resume and your information. If you do convictions or offences except where P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGALI BASIS DO WE under ONTO PROCIESS PERSONAL DATA legislationY9ri0FO iALiRffifeit consent. not wish to be rated by us, please do not provide us your information. The data processed includes: • contact information, such as name, email address, mailing address, phone number, and (subject to local laws) links to your social networking profiles; • any other information you volunteer, including during any interview or your interactions with us and contained in the resume that you submit to us; • personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation (and subject to local laws), recruitment agencies, background check providers, credit reference agencies and your referees; and • details of your education, qualifications and employment history, any other personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences (only if that information is relevant to the role you are applying for and subject to local laws). Subject to local laws, we may also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit. We will retain data from applications for a limited period for record keeping and legal (or, subject to local law, regulatory) purposes. We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law. Purpose: Freshworks hosting or managing Events It is necessary for us to use your and programs. From time to time, we may organize Personal Data in this way to perform and host events for the purpose of promoting our our obligations in accordance with any business or other reasons. The data processed contract that we may have with you includes: where you have signed up to attend an event, or it is in our legitimate interest • We may process your name, email address, or a third party's legitimate interest to designation and company name to use Personal Data in such a way to communicate with you about such events ensure that the event is operated in a where you have specifically requested secure and effective way. We may information about such events or where we specifically ask your permission to use have another lawful basis for sending that your photographs, quotes, testimonials, information to you. or other content that you make • When you attend an event conducted by available or publish at the event. Where Freshworks, including webinars or seminars, this is the case, our processing of such we may collect your contact information such Personal Data will be based on consent as name, e-mail address, phone number, (or, if we enter into a contract with you designation and company name to record your for this purpose, on the performance of said contract) P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA attendance at the event and for related record- keeping purposes. • If you attend any user conferences hosted by us at physical location where we serve food and other refreshments, we collect information about your food preferences and allergies. • You may also feature in photographs taken at our events and such photographs may appear in publications that we make available. When you register for any of our programs through a registration form on our Site, we may collect information such as your name, e-mail address, company name, designation, company website URL, IP address, location and contact information. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Purpose: Prize draws, prize competitions and other promotions. • From time to time, we may run prize draws, prize • competitions and other promotions on our Site and/or on our social media accounts. The data processed includes: • For the purposes of administering such It is necessary for us to use your promotions, we may process: personal data to perform our • your name, e-mail address, company name, obligations in accordance with any designation, company website URL, IP contract that we may have with you address, location and contact information, (e.g. the promotion terms and banking details; conditions) or it is in our legitimate • information about when your current or interest to use your personal data to previous sessions started, IP address; browser enable us to administer our promotion type and operating system; geolocation, any fairly and effectively and to ensure that other unique numbers assigned to a device we comply with self-regulatory codes and other data that is collected through your governing the operation of promotions. interactions with third party websites and services; and • any other personal data volunteered by you or that we ask for in relation to your promotion entry. Our promotions are subject to separate terms and conditions, which you may be required to accept as a condition of entry. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA We may post your Purpose: Participation in Public forums, testimonials/comments/reviews on our Community platform, Forms and using of your Websites which may contain your statements for testimonials. When you visit or Personal Data. Where we use your content in connection with Services register our publicly accessible community forums and blogs or submit any forms on our Site, you that we provide via our Website, it is in should be aware that any information you provide in our legitimate interest to use any these areas may be read, collected, and used by Personal Data that you provide to us to others who access them. We may post your ensure that we provide the relevant testimonials/comments/reviews on our Websites Services in an effective way. Prior to which may contain your Personal Data. The data posting the testimonial, we will obtain processed includes: your consent to post your name along with the testimonial. If you do not • contact information such as name, e-mail consent we are only allowed to use the address, mailing address, or phone number; testimonial in an fully anonymized way. • information about your business, such as If you want to revoke your consent and company name, company size, business type; your testimonial to be removed, please and contact us at support@freshworks.com. If we enter a short bio about you to identify you as the author of into a contract with you for this the post. purpose, our legal basis may be the performance of said contract. If you have requested content from us, Purpose: Newsletters. When you actively i.e. a newsletter, it is in our legitimate subscribe to our newsletters, we collect your e-mail interest to use your Personal Data in address to share our newsletters with you. such a way to ensure that we process your request in an effective way. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Purpose: Advertising and marketing to our Customers and prospective leads - sending marketing communications by post and/or email. The data processed includes: We use your name, email address, job title; and organization that you represent, social media handle and details of any marketing preferences that you have communicated to us to send you (or the organization you represent) marketing communications by post and/or email. Our marketing will include press In the UK, EU and Brazil we will rely on releases and information about us, our Website and your consent when sending marketing our Services, any events we may hold and any offers communications. Otherwise, it is in our or promotions we offer from time to time. Our legitimate interest to use your Personal marketing communications will include personalized Data for marketing purposes, for and non-personalized marketing. Personalized example to decide what marketing marketing has been specifically tailored to you and content we think may appeal to you or will include content that we think is most relevant to for postal or email marketing (except you, based on what we know about you. We may where we are required by applicable use technology to do this, but generally all our law to obtain your consent). marketing methods involve human intervention . Non-personalized marketing is marketing that is not tailored to you. Where we are sending you personalized marketing, we may also use other types of Personal Data to help us decide what sort of personalized marketing to send you (please see the "Cookies and Similar Technologies", "Usage Data" and "Mobile Applications" sections below for more details). P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Purpose: Advertising and marketing to our Customers and prospective leads: Online personalized marketing. The data processed includes: We and our third party partners may use your data relating to your behaviors, interests and preferences, including data collected as a result of your browsing activity and/or interaction with our Website and/or our emails, which is obtained Please see the "Cookies and Similar through the use of cookies, pixel tags and other technologies" section to learn about similar technologies; information about when your the legal basis that we rely on to collect current or previous sessions started, IP address; data via the use of cookies. browser type and operating system; geolocation, https://www.freshworks.com/list-of- any other unique numbers assigned to a device and cookies/ Where we use your personal other data that is collected through your data to display online personal interactions with third party websites and services advertising to you, we rely on the to provide you with, and analyze the effectiveness consent that you have provided in of, personalized ads when you visit other websites respect of the collection of such data, and/or use other services (including the social or, subject to local law, it is otherwise in media and other platforms described in the our legitimate interests to promote our "advertising to you on social media and other Website and our Services to you. platforms" section. By "personalized ads", we mean advertisements for services that you have shown an interest in when you have used our Website or which we or our partners otherwise think you might be interested in based on your browsing habits. Note, our third-party partners may also use the data that is collected to show personalized ads for products and services offered by third parties. Purpose: Advertising and marketing to our We will only share your Personal Data Customers and prospective leads - advertising to with the third-party providers of the you on social media and other platforms. We share Social Platforms, so that we can your email address and other identifiers such as advertise our Services to you when you P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR use H TtLEGAL Social ASIS DO WE RE YSdN TO PROCESS PERSONAL DATA have proviR15@Fs@M*[or where it your phone number or device ID (usually in an is otherwise in our legitimate interests encrypted or `hashed' form) with third-party to do so in order to promote our providers of social media platforms and other Services]. Where this activity is services, such as [Facebook, Linkedln] and other undertaken through the use of Cookies similar platforms ("Social Platforms"), so that the please see the "Cookies and Similar third party providers can try to "match" your data Technologies" section) to learn about with the data of their registered users of their Social the legal basis that we rely on. You can Platforms. Where there is a successful match, we opt-out of our sharing of your personal will display our advertising to you when you use the information with the third-party relevant Social Platform (e.g. on your Facebook providers by exercising your rights as a newsfeed). This is known as "custom audience" data subject as set out below. advertising, because we "customize" the audience that we want to reach on the relevant service. Some of the advertising that you see may be personalized to you. The data that we use to personalize our advertising, will include: • Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed through the Site; and • IP address; browser type and operating system; geolocation; any other unique numbers assigned to a device. Such data used to personalize advertising will not be provided to the third-party providers of the Social Platforms for this purpose but please see the "Cookies and Similar Technologies" section for details of where we may share such data. This P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA activity is also subject to the privacy choices you have elected to make on such Social Platforms. Purpose: Advertising and marketing to our Customers and prospective leads - advertising to Please see the "advertising to you on other people who share similar interests and social media and other platforms" characteristics to you (or if you are someone that section for details of the lawful basis sees such advertising). We will provide your that we rely on to share your personal Personal Data to third-party providers of Social data with the Social Platforms. It is in Platforms as described in the "advertising to you our legitimate interests to further use on social media and other platforms" and the your Personal Data to advertise our "Cookies and Similar Technologies" sections. If Services to other individuals that use you are a user of those Social Platforms, we may those Social Platforms and who share ask the third-party providers of those Social similar interests and characteristics Platforms to find other registered users of their with you. If you are someone who has services who share similar interests and characteristics to you, which will be based on seen this advertising on a Social information that the third party holds about you and Platform, it is in our legitimate interests that the Social Platform uses the data its other registered users. This is known as that you have provided to it to advertise "lookalike" audience advertising because we are our Services, although please note that trying to show our advertising to people who "look we do not receive this data and you like" you. If you are someone who has seen this should exercise your rights in respect advertising on a Social Platform, please note that of such data in accordance with the this activity is based on data that you have provided privacy notice of the relevant Social to the Social Platform (which we do not receive) and Platform. is also subject to the privacy choices you have elected to make on such third-party services. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Purpose: Service Analytics. We perform analytics It is necessary for us to use your on Personal Data that we process in order to: Personal Data in this way to perform assess the needs of our Customer's business to our obligations in accordance with any determine or suggest suitable Service(s); send contract that we may have with you to Customers requested information about the provide our Services. It is also in our Service(s) and improve the quality of this legitimate interests to process Personal information; respond to customer service requests, Data in this way in order to perform questions and concerns and improve the quality of analytics, train our algorithms, improve, these responses; and for product improvement enhance, develop, support and operate purposes. The data processed includes: Email the Services and its availability, compile addresses; mobile or Iandline telephone numbers; IP statistical reports and record insights address; chat identifiers and chat content; widgets. into usage patterns, develop new As set out above we are generally not a data products and services using machine controller of any Hosted Data- i.e.. data which we learning technologies and more process on behalf of our customers. However, generally to better serve our some Hosted Data may be used as part of our Customers and be able to provide analytics for the above purposes. customized content and features. Purpose: Cookies and Similar Technologies, Cookies and Similar Technologies: Mobile Applications, Usage Data, Single Sign on Where your data is collected through and Social Media. We use commonly used tools to the use of non-essential cookies, we automatically collect information that may contain rely on consent to collect your personal Personal Data from your computer or mobile device data and for the onward processing as you visit our Websites, use our application or in purpose. Please see our Cookie Policy general use our Services. a) Cookies and Similar https://www.freshworks.com/list-of- Technologies. We and our third party advertising cookies/ for further details. partners use cookies, web beacons, pixel tags and similar technologies (which we generically refer to as `cookies') to collect data from the devices that you use to access our Website. Data collected via these cookies are used for the purposes of: • analyzing trends; P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA • administering the Website; • to count users who have visited our Site and collect other types of information including insights about visitors' browsing habits on the Websites; • gathering demographic information about our user base as a whole; • to learn what parts of our Website are most popular and what kind of features and functionalities our visitors like to see; • to help us understand the type of marketing content that is most likely to appeal to our visitors and Customers; and • to help us with the selection of future product and service lines, website design and to remember your preferences. We may receive reports from third party companies based on the use of these technologies on an individual and aggregated basis. Most web browsers support cookies and users can control the use of cookies at the individual browser level. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our Websites and Services. As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our Websites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We link this automatically collected data to other data we collect about you. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Please see our Cookies Policy https://www.freshworks.com/list-of-cookies/ for further information about our use of Cookies and similar technologies. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Mobile Applications: Functionality: It is in our legitimate interest to use the data collected here in order to send error b) Mobile Applications. When you download, messages (if applicable) and in order to install and use our Mobile Applications, we secure our Mobile Applications and to detect and resolve errors and automatically collect information on the type of cyberattacks. Mobile Analytics: Where device you use, operating system version, and the we use mobile analytics software to device identifier (or "UDID"). We use mobile analytics software to allow us to better understand understand the functionality of our the functionality of our Mobile Software on your Mobile Software on your phone, we rely o phone. This Software may record certain n our legitimate interests in order to information such as how often you use the secure our Mobile Applications and application, the events that occur within the ensure the proper functioning of our application, aggregated usage, performance data, Mobile Applications and ensure the and where the application was downloaded from. effective provision of our Services. We do not link the information we store within the Where this involves the use of cookies, analytics software to any personal data you submit please see the "Cookies and Similar within the Mobile Applications. When you open the Technologies" section) to learn about Mobile Applications for the first time, you may be the legal basis that we rely on. asked for permission to send you push notifications. https://www.freshworks.com/list-of- If you allow this feature, our Mobile Applications will cookies/ Push notifications: In the UK, send you push notifications, for example, reminders, EU and Brazil, where we send push alerts, updates and other information. You can notifications about any events or configure and turn off push notifications via your promotions that we may be running device settings at any time. and/or update you about new features to our Services we will do so on the basis of your consent. Otherwise, we will rely on our legitimate interests in doing so. c) Usage Data. In addition to the information Usage Data: We will rely on our mentioned in the Cookies and Similar legitimate interests to process Usage Technologies https://www.freshworks.com/list-of- Data for the purposes outlined, except P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHATaLEIGAL BASIS DO WE RE Y ON TO PROCESS PERSONAL DATA consent eJY@lI09W9.0AftkdWCsage Data cookies/ section above that we automatically is collected via cookies or similar collect, we also collect clicks, scrolls, conversion technologies please see the "Cookies and drop-off on our Websites and Service(s) to and Similar Technologies" section) to monitor user journey in real-time ("Usage Data"). learn about the legal basis that we rely Subject to this Notice, we will use such Usage Data on. https://www.freshworks.com/list-of- and Service Data, including without limitation, to (i) cookies/ assess the needs of your business to determine or suggest suitable Services; (ii) send you requested information about the Services; (iii) respond to customer service requests, questions and concerns; and (iv) for any analytical purposes. • For Freshinbox users only: whenever an email is linked with Freshinbox manually by you, we collect information you filled in the fields From, To, CC, Subject, Thread ID, Message ID and Label ID. We will create a copy of the email thread in the inbox of all your team members. If any team member access is revoked by you, we will delete the created email from the corresponding team member's inbox. We will never delete the original email which was linked to Freshinbox originally. • For Freshcaller users only: your calls will be recorded, subject to the consent of both parties to the call, and this recording will be used for product improvement, including to train our applications to better recognize human speech • For Freshchat, Freshworks and Freshmarketer customers: you will have the option to opt out of analytics or tracking certain events from within these products. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA • For FreshworksCRM users only: Your calls made using FreshworksCRM will be recorded, subject to the consent of both parties to the call, and this recording will be used for product improvement, including to train our applications to better recognize human speech. You will have the option to opt out of analytics or tracking certain events from within FreshworksCRM. • Analytics opt-out for products other than Freshchat, Freshworks and Freshmarketer: Customers may opt-out of analytics by writing to dpo@freshworks.com. d) Single sign-on You can log in to our Websites using sign-in services such as Google, Facebook Connect and Linkedln. These services will authenticate your identity and provide you the Single sign on: Where you have opted option to share certain Personal Data with us such to use single sign on - it is in our as your name and e-mail address. Services like legitimate interest to process your Google, Facebook Connect, Twitter, Linkedln give Personal Data in order to facilitate the you the option to post information about your single sign on function. activities on our Websites to your profile page and to share information with others within your network. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA e) Social media features and third party cookies. Our Websites includes social media features, such as the Facebook "Like" button, the "Share This" button or interactive mini-programs. Where you interact with these features, those third parties may Social media features: Where this collect your IP address, which page you are visiting activity is undertaken through the use on our Websites, and may set a cookie to enable the of Cookies on our Website we rely on feature to function properly. Social media features consent to collect your personal data and widgets are either hosted by a third party or and for the onward processing hosted directly on our Websites. Your interactions purpose. Please see our Cookie Policy with these features are governed by the privacy https://www.freshworks.com/list-of- notice of the company providing them. If the widget cookies/ for further details. Where we is shown on our Websites, our Privacy Notice use social media features we do so in applies. Please see our Cookies Policy for further line with the terms and conditions of information. If you provide us or our service those providers. providers with any Personal Data relating to other individuals, including End-User data or your employee's data, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Notice. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Where we use your Personal Data in connection with a business transition, Purpose: Business administration and legal to enforce our legal rights or to protect compliance. the rights of third parties, it is in our legitimate interest to do so. For all other • We may use your Personal Data to: a) respond purposes described in this section, we to lawful requests by public authorities, have a legal obligation to use your including meeting national security or law Personal Data to comply with any legal enforcement requirements; b) when we believe obligations imposed upon us, such as a that disclosure is necessary to protect our court order. In some jurisdictions the rights and/or to comply with a judicial applicable legal basis will be the proceeding, court order, police request or exercise of legal rights in judicial, other legal process served on us; c) to protect administrative or arbitration the rights of third parties; and d) in connection proceedings. We will not process any with a business transition such as a merger, special (or sensitive) categories of reorganization, acquisition by another Personal Data or Personal Data relating company, or sale of any of our assets. to criminal convictions or offences except where we are able to do so under applicable legislation and/ or with your explicit consent. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Purpose: Receipt of products and services from our suppliers. If we have engaged you or the It is necessary for us to use your organization you represent to provide us with Personal Data to perform our products or services (for example, if you or the obligations in accordance with any organization you represent provide us with services contract that we may have with you or such as IT sup port or financial advice), we will the organization you represent, or it is collect and process your Personal Data in order to in our legitimate interest to use manage our relationship with you or the organization Personal Data in such a way to ensure you represent, to receive products and services that we have an effective working from you or the organization you represent and, relationship with you or the where relevant, to provide our Services to others. organization you represent and are able The data processed includes: The Personal Data to receive the products and services we collect from you may include your name, email that you or your organization provides, address, telephone number, designation, billing and provide our Services to others, in address and any other personal data you volunteer an effective way. which is relevant to our relationship with you or the organization you represent. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA Purpose: Security. We may process your Personal Data in connection with the administration of our security measures. We have security measures in place at our premises, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to It is in our legitimate interests to know basis (e.g. to look into an incident). CCTV process your Personal Data so that we recordings are typically automatically overwritten can keep our premises secure and after a short period of time unless an issue is provide a safe environment for our identified that requires investigation (such as a personnel and visitors. theft). We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time - normally only for as long as is necessary for legitimate security purposes. Our visitor records are securely stored and only accessible on a need-to- know basis (e.g. to look into an incident). What Personal Data we collect and how we use What legal basis we rely on to your Personal Data? process your Personal Data? B) Information that we collect from third parties. P-22-299 Agreement WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR WHAT LEGAL BASIS DO WE RELY ON TO PROCESS PERSONAL DATA YOUR PERSONAL DATA From time to time, we may receive Personal Data about you from third party sources like databases and social media but only where we have checked When processing your Personal Data that these third parties either have your consent to received by third parties for these or are otherwise legally permitted or required to purposes, we will rely on the consent disclose your personal information to us. The types that you have given such third party to of information we obtain from such third parties share data with us. Otherwise, subject include your name, e-mail address, postal address, to local law, our processing activities location, designation, telephone number and we use will rely on our legitimate interests to the information we receive from these third parties improve our customer service and to maintain and improve customer support ensure our marketing databases are experience, improve the accuracy of the records we accurate. hold about you and for our sales and marketing purposes. 4. WITH WHOM DO WE SHARE PERSONAL DATA? We process Personal Data in the countries in which we are established, including the United States, the United Kingdom and the European Economic Area ("EEA") and in other countries where third parties that we may use are based. You may refer to the Freshworks Data Hosting page here for more information about the locations in which the Hosted Data (i.e., that which we process as a Processor during the provision of our Services) is stored. When processing your Personal Data, we may need to share it with other third parties (including other entities within our Group of Companies), as set out below. This list is non-exhaustive and there may be circumstances where we need to share Personal Data with other third parties: • With third parties assisting Freshworks in providing our Customers with the Service(s) ("Sub-Processors" listed here). Our Sub-Processors are given access to Customers' Account and Service Data only as reasonably necessary to provide the Service(s) and will be subject to confidentiality obligations in their service agreements; • With third party service providers providing us with services, such as research and analytics, anti-spamming and anti-phishing services, marketing and data enrichment or for them to reach out to you on our behalf; P-22-299 Agreement • For Freshinbox users: with third parties to permit such third parties to provide services that help us to provide our business activities, which may include assisting us with marketing, advertising our product/service offerings, or providing, maintaining and improving the features and functionality of the Services • With third party payment processors who process your credit card and other payment information for Freshworks but who are otherwise not permitted to store, retain or use such information; • With third party partners for the purpose of assisting us in onboarding you and providing any further support needed to use our Services; • With sponsors of contests for which you register; • With third-party service providers that are assisting us with the operation and administration of events. If we are running an event in partnership with other organizations, we will share your Personal Data with such organizations for use in relation to the event; • With third-party social media networks, advertising networks and websites; • With external recruiters, and related organizations such as third-party providers that undertake employee background checks on our behalf and on behalf of other entities within our Group of Companies; • With auditors, lawyers, accountants and other professional advisers who advise and assist us in relation to the lawful and effective management of our organization and in relation to any disputes we may become involved in; • Law enforcement or other government and regulatory agencies and bodies or other third parties as required by, and in accordance with, applicable law or regulation; • With Affiliates within Freshworks and companies that we will acquire in the future when they are made part of the Freshworks group - this may be for customer support, marketing, technical operations, account management or organizational purposes and to provide, enhance and improve the Services; • If we are involved in a merger, reorganization or other fundamental corporate change with a third party, or sell/buy a business unit to/from a third party, or if all or a portion of our business, assets or stock are acquired by a third party, with such third party including at the due diligence stage; • Other third parties - Occasionally, we may receive requests from third parties with authority to obtain disclosure of Personal Data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for Personal Data where we are permitted to do so in accordance with applicable law or regulation. P-22-299 Agreement • When you connect your Gmail mailbox with your Freshworks Account (see section 14 (Google API Disclosure) below). Where necessary (such as when we transfer data to service providers) we put in place appropriate contractual arrangements and security mechanisms to protect the Personal Data shared and to comply with our data protection, confidentiality and security standards and obligations. Further details can be provided upon request. 5. INTERNATIONAL TRANSFER OF DATA When making any transfers of Personal Data from the EEA, Switzerland and the UK to countries which do not have the same data protection laws as the EEA, Switzerland and the UK we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will take reasonable steps to ensure the security of your Personal Data in accordance with applicable data protection laws. When transferring your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law, implement at least one of the safeguards set out below: Adequacy decisions: We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK and/or European Union authorities. For further details, see https://ec.europa.eu/info/law/law-topic/data- protection/data-transfers-outside-eu/adequacy-protection-persona l-data-non-eu- countries en. Model Clauses: Where we use certain service providers we may use specific contracts approved by the UK and/or European Authorities which give Personal Data the same protection it has in the UK and the EEA. For further details, see https://ec.europa.eu/info/law/law- topic/data-protection/data- transfers-outside-eu/model-contracts-transfer-personal-data- third-countries en. This is true whether or not the transfer is within our group, or to a third party. With respect to Personal Data received or transferred to the United States, Freshworks Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. With respect to Personal Data subject to LGPD's jurisdiction, Freshworks Inc. will also accomplish LGPD's requirements for transfers of Personal Data to countries which do not have the same data protection laws. In certain situations, Freshworks Inc. and/or its Group Companies may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national P-22-299 Agreement security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you can contact us at dpo@freshworks.com or via postal mail at Freshworks Inc., 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403 at the attention of the Data Protection Officer with a copy to dpo@freshworks.com. HOW DOES FRESHWORKS KEEP PERSONAL DATA SECURE? We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. We have implemented information security policies, rules and technical measures to protect the Personal Data under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your Personal Data on our behalf) are obliged to respect the confidentiality of the Personal Data of all users of our Website and those who purchase our Services. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data. While information security risks are always evolving, so are the controls. The controls, so implemented, are periodically reviewed as part of internal and external audits. If you have questions about the security of your Personal Data, please contact us using the details in section 18. 7. EEA, UK AND SWISS SPECIFIC RIGHTS A) Collected Data (excluding Hosted Data) If you are an individual resident in EEA, UK or Switzerland, you have the following data protection rights regarding Collected Data: If you wish to exercise any of the following rights in relation to your Personal Data (hereinafter referred to as a "Request"), you can do so at any time by contacting us using the details in section 18: If you ask us, we will confirm whether we are processing your Personal Data Your right and, if so, provide you with a copy of that Personal Data (along with certain other of access details). If you require additional copies, we may charge a reasonable fee for producing those additional copies. P-22-299 Agreement Your right If the Personal Data we hold about you is inaccurate or incomplete, you are to entitled to have it rectified. If we have shared your Personal Data with others, rectificatio we'll let them know about the rectification where possible. If you ask us, where n possible and lawful to do so, we will also tell you who we've shared your Personal Data with so that you can contact them. You can ask us to delete or remove your Personal Data in some circumstances, such as where we no longer need it or where you withdraw your consent (where Your right applicable). If we have shared your Personal Data with others, we will let them to erasure know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Data with so that you can contact them directly. You can ask us to "block" or suppress the processing of your Personal Data in certain circumstances such as where you contest the accuracy of that Personal Data or you object to us processing it for a particular purpose. This may not Your right mean that we will stop storing your Personal Data but, where we do keep it, we to restrict will tell you if we remove any restriction that we have placed on your Personal processing Data to stop us processing it further. If we've shared your Personal Data with others, we'll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we'll also tell you who we've shared your Personal Data with so that you can contact them directly. Your right You have the right, in certain circumstances, to obtain Personal Data you have to data provided to us (in a structured, commonly used and machine-readable format) portability and to reuse it elsewhere or to ask us to transfer it to your chosen third party. You can ask us to stop processing your Personal Data, and we will do so, if we Your right are: (i) relying on our own or someone else's legitimate interest to process your to object Personal Data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Data for direct marketing purposes. Your rights You have the right not to be subject to a decision when it is based on automatic in relation processing, including profiling, if it produces a legal effect or similarly to significantly affects you, unless such profiling is necessary for the entering into, automated or the performance of, a contract between you and us. decision- making P-22-299 Agreement and profiling Your right If we have collected and process your Personal Data with your consent, then to you can withdraw your consent at any time. Withdrawing your consent will not withdraw affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on consent lawful processing grounds other than consent. Your right You have the right to opt-out of marketing communications we send you at any to opt out time. You can exercise this right by clicking on the "unsubscribe" or "opt-out" link of marketing in the marketing e-mails we send you. To opt-out of other forms of marketing communic (such as postal marketing or telemarketing), please contact us using the details in section 18. ations If you have a concern about any aspect of our privacy practices, including the Your right way we have handled your Personal Data, please contact us using the details in to lodge a section 18. You also have the right to complain to a data protection authority complaint in the Member State of your residence or the place of the alleged infringement. with the You can find a list of contact details for all EU supervisory authorities at supervisor http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. y authority The UK data protection regulator is the Information Commissioner's Office and contact details can be found at https://ico.org.uk. If you are residing in France: your right to give You have the right to give instructions regarding the retention, deletion and instruction disclosure of your Personal Data after your death. You may designate a person s regarding to carry out these instructions. This person is then entitled to be informed of the the directives and to request their implementation from us. processing of your data after your death P-22-299 Agreement We respond to all Requests we receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws. We can only process requests after we have verified your identity which may mean requesting further information from you. B) Hosted Data As explained above, some of our Services including processing data on behalf of our customers in relation to Applications, tools or software that we provide. Save for the limited circumstances set out in this Notice, we are not the Data Controller of this Hosted Data as we do not determine the purposes or the means of the processing. If you wish to access, correct, update, modify or delete Hosted Data or if you would no longer like to be contacted by one of our Customers you should direct your query to the Customer, who is the Data Controller of your data. If requested by the Customer to action a Request, we will respond within a reasonable timeframe. If you are a Customer of our Services and wish to raise a Request on behalf of data subjects in connection with Hosted Data, you may raise a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, a Request on a particular Service support portal is specific to that Service only and separate Requests need to be raised across other relevant Service support portals. 8. CALIFORNIA-RESIDENT SPECIFIC RIGHTS To the extent you are a 'consumer' as defined under the California Consumer Privacy Act of 2018 ("CCPA") and Freshworks is a 'business' as defined under CCPA, the following applies to you: Under the CCPA, "personal information" is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Subject to the provisions of the CCPA, you have the right to request that we disclose certain information to you about our collection, use, disclosure, or sale of your personal information over the past 12 months. Right to request for information You have the right to request information about: • Categories of Personal Information Freshworks has collected about you. P-22-299 Agreement • Specific pieces of Personal Information Freshworks has collected about you. • Categories of sources from which the Personal Information is collected. • Business or commercial purpose for collecting Personal Information. • Categories of third parties with whom the business shares Personal Information The list of categories of Personal Information collected and disclosed about consumers during the prior 12 months, and that may be collected and disclosed going forward, are listed under the section 'WHAT PERSONAL DATA DOES FRESHWORKS COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON' and the list of categories of third parties to whom the Personal Information was or may be disclosed are listed under the heading 'WITH WHOM DO WE SHARE PERSONAL DATA?'. b. Right to request for deletion of any Personal Information collected about you by Freshworks. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. c. How to submit an access or deletion request: If you seek to exercise the foregoing rights to access or delete Personal Information, please contact us at dpo@freshworks.com or write to us here. We respond to all requests we receive from you wishing to exercise your CCPA rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Information and such other information as reasonably required to enable us to honor your request. Only you, or a person or business entity registered with the California Secretary of State that you authorize to act on your behalf (an "authorized agent"), may make the requests set forth above. The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to you posed by any authorized access or deletion. Generally speaking, verification will be performed by matching the P-22-299 Agreement identifying information provided by you to the personal information that we already have. Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply. We will not discriminate against you for exercising any of your CCPA rights. d. Sale of Personal Information. Freshworks does not sell your Personal Information, as that term "sell" is defined under the CCPA. Freshworks does not sell your Personal Data. 9. LGPD The LGPD grants control and self-determination to data subjects and provides compliance responsibilities for organizations such as Freshworks in regard to personal data whose data subject is located within Brazilian territory at the moment of data collection or to any offering or providing of goods or service for individuals located within Brazilian territory. The LGPD gives national regulators powers to impose significant fines and indemnification liabilities on organizations that breach this law. All content of this notice and Freshworks's processing of personal data are in strict compliance with LGPD, where applicable. At Freshworks we take a global approach to ensure all members benefit from increased control and clarity, which is in line with our commitment to putting our Customers first and working every day to maintain the trust they put in us. LGPD grants the following rights to those individuals subject to its jurisdiction: Confi You have right to know and have access to the data we process about you. rmati on of data proce ssing and P-22-299 Agreement acces s Data You have the right to request a correction of any incomplete, inaccurate or outdated corre ction data of yours that we process. Anon ymiza tion, You have the right to request anonymization, blocking or elimination of unnecessary blocki or excessive data or of any data being processed contrary to the law. ng or deleti on Data porta You have the right, in certain circumstances, to reuse the Personal Data you have bility provided to us elsewhere or to ask us to transfer it to your chosen third party. Infor matio n on You have the right to be informed about the public and private entities with which we data may share your Personal Data. sharin 9 • If we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time, for all or part of the data. Withdrawing Withd your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information raw Cons conducted in reliance on lawful processing grounds other than consent, in case which (as other applicable situations) you have the right to know what data we ent can retain. • You also have the right to know what the consequences of you withdrawing consent will be (for example, if it will prevent you from receiving a service). File a You have the right to file a complaint with a supervisory authority about our collection comp) and processing of your Personal Data. The Brazilian data protection regulator is the P-22-299 Agreement aint Autoridade Nacional de Protepao de Dados and contact details can be found at https://www.gov.br/anpd/pt-br. 10. OPTING OUT PROCEDURE If you no longer wish to receive marketing communications from Freshworks, you may click on the "unsubscribe" link located on the bottom of our marketing emails or you can contact us at support@freshworks.com. When using our Mobile Applications, you also have the option to turn off push notifications. If you would like to object to the use of your Personal Data for analytics, you can contact us at support@freshworks.com To opt out of the use of cookies, please see update your preferences here. 11. OTHER COMMUNICATIONS If you are our Customer, we will send you announcements (email or in product notifications related to the Services) on occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of such communications as they are a key part of delivering our Services to your effectively. If you do not wish to receive them, you may deactivate your Account. 12. RETENTION OF PERSONAL DATA We will retain Personal Data only as long as is necessary for the purposes for which it is collected, as set out in this Notice. We will also retain it as necessary to comply with our legal obligations, for legal and litigation purposes, to maintain accurate financial and other records, deal with complaints, and enforce our agreements. Generally, in respect of Personal Data that we process in connection with the supply of our Services, we may retain your Personal Data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability. P-22-299 Agreement Where we process any other Personal Data, we will generally retain relevant Personal Data for up to three years from the date of our last interaction with you (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability. If any Personal Data is only useful for a short period (e.g., for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us.lf you have opted out of receiving marketing communications from us, we will need to retain certain Personal Data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this Personal Data to send you further marketing unless you subsequently opt back in to receive such marketing. Should you apply to work for us, we will retain data from your application for a limited period for record keeping and legal purposes. We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law. The above examples may vary in some cases due to local laws, liability periods and mandatory retention requirements. For example, if certain information needs to be retained for longer according to local laws, regulations or because different legal limitation periods apply, then we will keep the Personal Data for these longer periods. 13. LINKS TO THIRD PARTY SITES Our Websites contain links to other websites that are not owned or controlled by Freshworks. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Websites and to read the privacy policies of each and every website that collects Personal Data. 14. GOOGLE API DISCLOSURE Freshworks has developed a functionality that allows its customers to connect their Gmail mailbox using Oauth with our products. Connecting your Gmail mailbox to your Freshworks account allows Freshworks to associate your account with your personal information on Google, to see your personal information, including any personal information you have made available, to view your email address and access your emails in order to create them as a ticket P-22-299 Agreement in our products, and to transmit the Service Data to third-party applications listed on Freshworks' Marketplace that you integrate with your Account. The connection will further allow you to respond to your emails directly from our product and to delete them once they are fetched into our product. Freshworks's use of information received from Google APIs will adhere to Google API Services User Data Policy's App's, including the Limited Use requirement. 15. CHILDREN'S PERSONAL DATA Freshworks does not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Websites or Services. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Notice by instructing their children never to provide Personal Data through our Services or Websites without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Websites or Services, please contact us using the details in section 18 and we will endeavor to delete that information and terminate the child's account from our databases. 16. AMENDMENTS Amendments to this Notice will be posted to this URL and will be effective when posted. If we make any material changes, we will notify you by means of a conspicuous notice on this Website or via e-mail or via in-product notification, but we encourage you to review this Notice periodically to keep up to date on how we use your Personal Data. You should frequently visit this Notice to stay fully informed. Your continued use of our Websites or the Service(s) following the posting of any amendment, modification, or change to this Notice shall constitute your acceptance of the amendments to this Notice. You can choose to discontinue use of the Websites or Service(s), if you do not accept the terms of this Notice, or any modified version of this Notice. 17. EFFECT OF MERGER OR ACQUISITION P-22-299 Agreement In the event Freshworks goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, Customers' Accounts, Collected Data and Service Data will likely be among the assets transferred. A prominent notice will be displayed on our Websites to notify you of any such change in ownership or control and Customers will be notified via an e-mail 18. CONTACTING FRESHWORKS If you have any questions about this Privacy Notice or our privacy practices, you can contact us at dpo@freshworks.com or via postal mail at Freshworks Inc., 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403 at the attention of the Data Protection Officer with a copy to dpo@freshworks.com. Annex 1 - Definitions "Controller", "Data Subject", "Personal Data Breach", "Processor" and "Process" shall have the meaning given to them in the GDPR or other applicable law. "Account": means any accounts or instances created by or on behalf of Customer for access to and use of any of the Service(s). "Affiliate": means, with respect to a Freshworks entity, any entity that directly or indirectly controls, is controlled by, or is under common control with such Freshworks entity, whereby "control" (including, with correlative meaning, the terms "controlled by" and "under common control") means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise. "API": means the application programming interfaces developed, enabled by, or licensed to Provider that permits a User to access certain functionality provided by the Service(s). "Apps": mean the software applications listed on the Market Place which are created, developed, licensed, or owned by third-party developers. The term also includes any updates, upgrades and other changes to such software applications and versions thereof. "Documentation": means any published data sheet provided by Freshworks detailing the functionalities of the Software. P-22-299 Agreement "GDPR" shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and any legislation relating to the processing of personal data effective in the UK and/or Switzerland that is intended to replicate or maintain some or all of the provisions, rights and obligations set out in Regulation (EU) 2016/679, as relevant. "LGPD" means "Lei Geral de Protegao de Dados Pessoais", which corresponds to the Brazilian data protection law no. 13.709/2018. "Market Place": means an online marketplace for Apps that interoperate with the Service(s). Its Website(s) is https://www.freshworks.com/apps/. "Mobile Applications": mean the software applications created, developed, and owned by Freshworks to enable access and use of the Service(s) through mobile or other handheld devices (such as apps on iOS or Android devices). "Personal Data" shall mean any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation of the European Union ("GDPR" EC-2016/679). `Processing"/"To Process": means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction. "Service Data": means all electronic data, text, messages or other materials, including without limitation Personal Data of Users and End-Users, submitted to the Service(s) by Customer through Customer's Account in connection with Customer' use of the Service(s). "Service(s)": mean and include Freshdesk, Freshservice, Freshsales, Freshchat, Freshcaller, Freshteam, Freshmarketer, Freshconnect, Freshinbox, Freshsuccess, Freshping or Freshstatus and/or any new services that Provider may introduce as Service(s) to which Customer may subscribe to and any Updates, modifications or improvements to the Service(s), including individually and collectively, Software, the API and any Documentation, but exclude any Apps or APIs that belong to third parties. Software: means software provided by Freshworks (either by download or access through the internet) that allows Customer to use any functionality in connection with the Service(s) and includes Mobile Application(s), but excludes any Apps or APIs that belong to third parties. P-22-299 Agreement "User": means an individual who is authorized by Customer to use the Service(s) including an Account administrator, employees, consultants, contractors, and agents of Customer, and third parties with which Customer transacts business. `freshworks .. COMPANY v CONNECT WITH US v Copyright © Freshworks Inc. All Rights Reserved