Last Updated: 5 Oct 2023
This Data Protection Addendum (“Addendum”) forms part of the agreement between Customer and CustomerOS covering Customer’s use of the Services (as defined below) (“Agreement”).
“Applicable Data Protection Law” means all laws and regulations applicable to CustomerOS’s processing of personal data under the Agreement.
“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Customer Account Data” means personal data that relates to Customer’s relationship with CustomerOS, including the names or contact information of individuals authorized by Customer to access Customer’s account, and billing information of individuals that Customer has associated with its account. Customer Account Data also includes any personal data CustomerOS may need to collect for the purpose of identity verification (including providing the Multi-Factor Authentication Services, as defined below), or as part of its legal obligation to retain Subscriber Records (as defined below).
“Customer Content” means (a) personal data exchanged as a result of using the Services (as defined below), such as text message bodies, voice and video media, images, email bodies, email recipients, sound, and, where applicable, details Customer submits to the Services from its designated software applications and services and (b) data stored on Customer’s behalf such as communication logs within the Services or marketing campaign data that Customer has uploaded to the Services (as defined below).
“Customer Data” has the meaning given in the Agreement. Customer Data includes Customer Account Data, Customer Usage Data, Customer Content, and Sensitive Data, each as defined in this Addendum.
“Multi-Factor Authentication Services” means the provision of a portion of the Services under which Customer adds an additional factor for verification of Customer’s end users’ identity in connection with such end users’ use of Customer’s software applications or services.
“Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processor” means the entity which processes personal data on behalf of the controller.
“Processing” (and “Process”) means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
“Security Incident” means a confirmed or reasonably suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data.
“Sensitive Data” means (a) social security number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card), financial information, banking account numbers or passwords; (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords, mother’s maiden name, or date of birth; (f) criminal history; or (g) any other information or combinations of information that falls within the definition of “special categories of data” under GDPR (as defined below) or any other applicable law or regulation relating to privacy and data protection.
“Services” means the products and services provided by CustomerOS or its Affiliates, as applicable, that are (a) used by Customer, including, without limitation, products and services that are on a trial basis or otherwise free of charge or (b) ordered by Customer under an order form.
“Sub-processor” means (a) CustomerOS, when CustomerOS is processing Customer Content and where Customer is a processor of such Customer Content or (b) any third-party processor engaged by CustomerOS to process Customer Content in order to provide the Services to Customer.
“Third Party Request” means any request, correspondence, inquiry, or complaint from a data subject, regulatory authority, or third party.
“CustomerOS Privacy Notice” means the privacy notice for the Services, the current version of which is available at https://customeros.ai/legal/privacy-policy
Any capitalized term not defined in this Section 1 will have the meaning provided in this Addendum or the Agreement.
Customer and CustomerOS agree that with regard to the processing of Customer Content, Customer may act either as a controller or processor and CustomerOS is a processor. CustomerOS will process Customer Content in accordance with Customer’s instructions as set forth in Section 5 (Customer Instructions).
Customer and CustomerOS acknowledge that, with regard to the processing of Customer Account Data, Customer is a controller and CustomerOS is an independent controller, not a joint controller with Customer. CustomerOS will process Customer Account Data as a controller in order to (a) manage the relationship with Customer; (b) carry out CustomerOS’s core business operations, such as accounting and filing taxes; (c) detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of the Services; (d) perform identity verification; (e) comply with CustomerOS’s legal or regulatory obligations; and (f) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the CustomerOS Privacy Notice.
CustomerOS will process personal data in order to provide the Services in accordance with the Agreement. Schedule 1 (Details of Processing) of this Addendum further specifies the nature and purpose of the processing, the processing activities, the duration of the processing, the types of personal data and categories of data subjects.
Customer is responsible for ensuring that (a) it has complied, and will continue to comply, with Applicable Data Protection Law in its use of the Services and its own processing of personal data and (b) it has, and will continue to have, the right to transfer, or provide access to, personal data to CustomerOS for processing in accordance with the terms of the Agreement and this Addendum.
Customer appoints CustomerOS as a processor to process Customer Content on behalf of, and in accordance with, Customer’s instructions (a) as set forth in the Agreement, this Addendum, and as otherwise necessary to provide the Services to Customer, and which includes investigating security incidents, fraudulent activity, and violations of the CustomerOS Acceptable Use Policy, the current version of which is available at https://customeros.ai/legal/aup, and detecting and preventing software exploits or abuse; (b) as necessary to comply with applicable law or regulation, including Applicable Data Protection Law; and (c) as otherwise agreed in writing between Customer and CustomerOS (“Permitted Purposes”).
Customer will ensure that its instructions comply with Applicable Data Protection Law. Customer acknowledges that CustomerOS is neither responsible for determining which laws or regulations are applicable to Customer’s business nor whether CustomerOS’s provision of the Services meets or will meet the requirements of such laws or regulations. Customer will ensure that CustomerOS’s processing of Customer Content, when done in accordance with Customer’s instructions, will not cause CustomerOS to violate any applicable law or regulation, including Applicable Data Protection Law. CustomerOS will inform Customer if it becomes aware, or reasonably believes, that Customer’s instructions violate any applicable law or regulation, including Applicable Data Protection Law.
Additional instructions outside the scope of the Agreement or this Addendum will be agreed to in writing between Customer and CustomerOS, including any additional fees that may be payable by Customer to CustomerOS for carrying out such additional instructions.
In the event any Third Party Request is made directly to CustomerOS in connection with CustomerOS’s processing of Customer Content, CustomerOS will promptly inform Customer and provide details of the same, to the extent legally permitted. CustomerOS will not respond to any Third Party Request without Customer’s prior consent, except as legally required to do so or to confirm that such Third Party Request relates to Customer.
CustomerOS will ensure that any person it authorizes to process Customer Content has agreed to protect personal data in accordance with CustomerOS's confidentiality obligations in the Agreement.
Customer provides a general authorization for CustomerOS to engage onward sub-processors that is conditioned on the following requirements:
(a) CustomerOS will restrict the onward sub-processor’s access to Customer Content only to what is strictly necessary to provide the Services, and CustomerOS will prohibit the sub-processor from processing the personal data for any other purpose;
(b) CustomerOS agrees to impose contractual data protection obligations, including appropriate technical and organizational measures to protect personal data, on any sub-processor it appoints that require such sub-processor to protect Customer Content to the standard required by Applicable Data Protection Law; and
(c) CustomerOS will remain liable for any breach of this Addendum that is caused by an act, error, or omission of its sub-processors.
Customer consents to CustomerOS engaging third party sub-processors to process Customer Content within the Services for the Permitted Purposes provided that CustomerOS maintains an up-to-date list of its sub-processors which is available upon request.
Customer may object to CustomerOS’s appointment or replacement of a sub-processor, provided such objection is in writing and based on reasonable grounds relating to data protection. In such an event, Customer and CustomerOS agree to discuss commercially reasonable alternative solutions in good faith. If Customer and CustomerOS cannot reach a resolution within ninety (90) days from the date of CustomerOS’s receipt of Customer’s written objection, Customer may discontinue the use of the affected Services by providing written notice to CustomerOS. Such discontinuation will be without prejudice to any fees incurred by Customer prior to the discontinuation of the affected Services. If no objection has been raised within fifteen (15) days of CustomerOS replacing or appointing a new sub-processor, CustomerOS will deem Customer to have authorized the new sub-processor.
CustomerOS provides Customer with a number of self-service features via the Services, including the ability to delete, obtain a copy of, or restrict use of Customer Content. Customer may use such self-service features to assist in complying with its obligations under Applicable Data Protection Law with respect to responding to Third Party Requests from data subjects via the Services at no additional cost. Upon Customer’s request, CustomerOS will provide reasonable additional and timely assistance to Customer in complying with Customer's data protection obligations with respect to data subject rights under Applicable Data Protection Law to the extent Customer does not have the ability to resolve a Third Party Request from a data subject through self-service features made available via the Services.
CustomerOS will provide reasonable cooperation to Customer in connection with any data protection impact assessment (at Customer’s expense only if such reasonable cooperation will require CustomerOS to assign significant resources to that effort) or consultations with regulatory authorities that may be required in accordance with Applicable Data Protection Law.
CustomerOS will, in accordance with Section 3 (Duration of the Processing) of Schedule 1 (Details of Processing) of this Addendum, delete or return to Customer any Customer Content stored within the Services.
Upon termination of the Agreement, CustomerOS may retain Customer Content in storage for the time periods set forth in Schedule 1 (Details of Processing) of this Addendum, provided that CustomerOS will ensure that Customer Content (a) is processed only as necessary for the Permitted Purposes and (b) remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.
Notwithstanding anything to the contrary in this Section 10, CustomerOS may retain Customer Content, or any portion of it, if required by applicable law or regulation, including Applicable Data Protection Law, provided such Customer Content remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.
CustomerOS has implemented and will maintain the technical and organizational security measures as set forth in the Agreement. Additional information about CustomerOS’s technical and organizational security measures is available upon request.
Customer acknowledges the Services include certain features and functionalities that Customer may elect to use which impact the security of Customer Data processed by Customer’s use of the Services. Customer is responsible for reviewing the information CustomerOS makes available regarding its data security, including its audit reports, and making an independent determination as to whether the Services meet the Customer’s requirements and legal obligations, including its obligations under Applicable Data Protection Law. Customer is further responsible for properly configuring the Services and using features and functionalities made available by CustomerOS to maintain appropriate security in light of the nature of Customer Data processed as a result of Customer’s use of the Services.
CustomerOS will provide notification of a Security Incident in the following manner:
(a) CustomerOS will, to the extent permitted by applicable law or regulation, notify Customer without undue delay, but in no event later than seventy-two (72) hours after CustomerOS’s discovery of a Security Incident impacting Customer Data of which CustomerOS is a processor;
(b) CustomerOS will, to the extent permitted and required by applicable law or regulation, notify Customer without undue delay of any Security Incident involving Customer Data of which CustomerOS is a controller; and
(c) CustomerOS will notify Customer of any Security Incident via email to the email address(es) designated by Customer in Customer’s account.
CustomerOS will make reasonable efforts to identify a Security Incident, and to the extent a Security Incident is caused by CustomerOS’s violation of this Addendum, remediate the cause of such Security Incident. CustomerOS will provide reasonable assistance to Customer in the event that Customer is required under Applicable Data Protection Law to notify a regulatory authority or any data subjects impacted by a Security Incident.
Customer and CustomerOS acknowledge that Customer must be able to assess CustomerOS’s compliance with its obligations under Applicable Data Protection Law and this Addendum, insofar as CustomerOS is acting as a processor on behalf of Customer.
CustomerOS uses external auditors to verify the adequacy of its security measures with respect to its processing of Customer Content. Such audits are performed at least once annually at CustomerOS’s expense by independent third-party security professionals at CustomerOS’s selection and result in the generation of a confidential audit report (“Audit Report”).
Upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, CustomerOS will make available to Customer a copy of CustomerOS’s most recent Audit Report. Customer agrees that any audit rights granted by Applicable Data Protection Law will be satisfied by these Audit Reports. To the extent that CustomerOS’s provision of an Audit Report does not provide sufficient information or Customer is required to respond to a regulatory authority audit, Customer agrees to a mutually agreed-upon audit plan with CustomerOS that: (a) ensures the use of an independent third party; (b) provides written notice to CustomerOS in a timely fashion; (c) requests access only during business hours; (d) accepts billing to Customer at CustomerOS’s then-current rates; (e) occurs no more than once annually; (f) restricts its findings to only data relevant to Customer; and (g) obligates Customer, to the extent permitted by law or regulation, to keep confidential any information gathered that, by its nature, should be confidential.
In the event that either party receives (a) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, and data portability, as applicable) or (b) any Third Party Request relating to the processing of Customer Account Data or Customer Usage Data conducted by the other party, such party will promptly inform such other party in writing. Customer and CustomerOS agree to cooperate, in good faith, as necessary to respond to any Third Party Request and fulfill their respective obligations under Applicable Data Protection Law.
In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1) the Agreement; and (2) the CustomerOS Privacy Notice. Any claims brought in connection with this Addendum will be subject to the terms and conditions, including, without limitation, the exclusions and limitations set forth in the Agreement.
CustomerOS may update the terms of this Addendum from time to time; provided, however, CustomerOS will provide at least thirty (30) days prior written notice to Customer when an update is required as a result of (a) changes in Applicable Data Protection Law; (b) a merger, acquisition, or other similar transaction; or (c) the release of new products or services or material changes to any of the existing Services. The then-current terms of this Addendum are available at https://customeros.ai/legal/dpa
CustomerOS will process personal data as necessary to provide the Services under the Agreement. CustomerOS does not sell Customer’s personal data or Customer end users’ personal data and does not share such end users’ information with third parties for compensation or for those third parties’ own business interests.
CustomerOS will process Customer Content as a processor in accordance with Customer’s instructions as set forth in Section 5 (Customer Instructions) of this Addendum.
CustomerOS will process Customer Account Data as a controller for the purposes set forth in Section 2.2 (CustomerOS as a Controller of Customer Account Data) of this Addendum.
Personal data contained in Customer Content will be subject to the following basic processing activities:
(a) the provision of programmable software products and services, primarily offered in the form of application programming interfaces, to Customer, including transmittal to or from Customer’s software applications or; services and designated third parties as directed by Customer. Storage of personal data on CustomerOS’s cloud;
(b) the provision of products and services which allow the transmission and delivery of email communications on behalf of Customer to its recipients. CustomerOS will also provide Customer with analytic reports regarding the email communications it sends on Customer's behalf. Storage of personal data on CustomerOS’s cloud; and
(c) the provision of products and services which allows Customer to integrate, manage and control its data relating to end users. Storage of personal data on CustomerOS’s cloud.
Personal data contained in Customer Account Data will be subject to the processing activities of providing the Services.
The period for which personal data will be retained and the criteria used to determine that period is as follows:
(a) Services. Prior to the termination of the Agreement, (x) CustomerOS will process stored Customer Content for the Permitted Purposes until Customer elects to delete such Customer Content via the Services and (y) Customer agrees that it is solely responsible for deleting Customer Content via the Services.
Upon termination of the Agreement, CustomerOS will (i) provide Customer thirty (30) days after the termination effective date to obtain a copy of any stored Customer Content via the Services; (ii) automatically delete any stored Customer Content thirty (30) days after the termination effective date; and (iii) automatically delete any stored Customer Content on CustomerOS’s back-up systems sixty (60) days after the termination effective date. Any Customer Content archived on CustomerOS’s back-up systems will be securely isolated and protected from any further processing, except as otherwise required by applicable law or regulation.
CustomerOS will process Customer Account Data as long as required (a) to provide the Services to Customer; (b) for CustomerOS’s legitimate business needs; or (c) by applicable law or regulation. Customer Account Data will be stored in accordance with the CustomerOS Privacy Notice.
Customer’s end users.
Customer’s employees and individuals authorized by Customer to access Customer’s CustomerOS account.
CustomerOS processes personal data contained in Customer Account Data and Customer Content.
Sensitive Data may, from time to time, be processed via the Services where Customer or its end users choose to include Sensitive Data within the communications that are transmitted using the Services. Customer is responsible for ensuring that suitable safeguards are in place prior to transmitting or processing, or prior to permitting Customer’s end users to transmit or process, any Sensitive Data via the Services.
(a) Customer Account Data does not contain Sensitive Data.
“BCR Services” means all Services.
“EEA” means the European Economic Area
“EU Standard Contractual Clauses” means the Standard Contractual Clauses approved by the European Commission in decision 2021/914.
“CustomerOS BCRs” means CustomerOS’s Binding Corporate Rules representing the data protection policies that are approved by European data protection authorities to enable multinational businesses, such as CustomerOS, to make intra-organisational transfers of personal data across borders in compliance with EU data protection law.
“UK International Data Transfer Agreement” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner, Version B1.0, in force 21 March 2022.
"Data Privacy Framework" means the EU-US and/or Swiss-US Data Privacy Framework self-certification program operated by the US Department of Commerce.
"Data Privacy Principles" means the Data Privacy Framework principles (as supplemented by the Supplemental Principles).
In the event the Services are covered by more than one Transfer Mechanism, the transfer of personal data will be subject to a single Transfer Mechanism, as applicable, and in accordance with the following order of precedence: (a) the Data Privacy Framework as set forth in Section 2.2 (Data Privacy Framework) of this Schedule 2; (b) CustomerOS BCRs as set forth in Section 2.3 (CustomerOS BCRs) of this Schedule 2; (c) the EU Standard Contractual Clauses as set forth in Section 2.4 (EU Standard Contractual Clauses) of this Schedule 2; (d) the UK International Data Transfer Agreement as set forth in Section 2.5 (UK International Data Transfer Agreement) of this Schedule 2; and, if neither (a), (b), (c), nor (d) is applicable, then (e) other applicable data Transfer Mechanisms permitted under Applicable Data Protection Law.
To the extent CustomerOS processes any personal data via the Services originating from the EEA or Switzerland, CustomerOS represents that CustomerOS is self-certified under the Data Privacy Framework and complies with the Data Privacy Principles when processing any such personal data. To the extent that Customer is (a) located in the United States of America and is self-certified under the Data Privacy Framework or (b) located in the EEA or Switzerland, CustomerOS further agrees (i) to provide at least the same level of protection to any personal data as required by the Data Privacy Principles; (ii) to notify Customer in writing, without undue delay, if its self-certification to the Data Privacy Framework is withdrawn, terminated, revoked, or otherwise invalidated (in which case, an alternative Transfer Mechanism will apply in accordance with the order of precedence in Section 2.1 (Order of Precedence) of this Schedule 2; and (iii) upon written notice, to work with Customer to take reasonable and appropriate steps to stop and remediate any unauthorized processing of personal data.
CustomerOS will process personal data within the BCR Services in accordance with the CustomerOS BCRs. Customer and CustomerOS agree that, with respect to the BCR Services, the CustomerOS BCRs will be the lawful Transfer Mechanism of Customer Account Data, Customer Content, and Customer Usage Data from the EEA, Switzerland, or the United Kingdom to (a) CustomerOS in the United States of America or (b) any other non-EEA CustomerOS entity.
The EU Standard Contractual Clauses will apply to personal data that is transferred via the Services from the EEA, Switzerland, Guernsey, or Jersey, either directly or via onward transfer, to any country or recipient outside the EEA, Switzerland, Guernsey, or Jersey that is not (a) recognized by the relevant competent authority as providing an adequate level of protection for personal data and (b) covered by the CustomerOS BCRs. For data transfers that are subject to the EU Standard Contractual Clauses, the EU Standard Contractual Clauses will be deemed entered into, and incorporated into this Addendum by this reference, and completed as follows:
(a) Module One (Controller to Controller) of the EU Standard Contractual Clauses will apply where (i) CustomerOS is processing Customer Account Data and (ii) Customer is a controller of Customer Usage Data and CustomerOS is processing Customer Usage Data;
(b) Module Two (Controller to Processor) of the EU Standard Contractual Clauses will apply where Customer is a controller of Customer Content and CustomerOS is processing Customer Content;
(c) Module Three (Processor to Processor) of the EU Standard Contractual Clauses will apply where Customer is a processor of Customer Content and CustomerOS is processing Customer Content;
(d) Module Four (Processor to Controller) of the EU Standard Contractual Clauses will apply where Customer is a processor of Customer Usage Data and CustomerOS processes Customer Usage Data; and
(e) For each Module, where applicable:
(i) in Clause 7 of the EU Standard Contractual Clauses, the optional docking clause will not apply;
(ii) in Clause 9 of the EU Standard Contractual Clauses, Option 2 will apply and the time period for prior written notice of sub-processor changes will be as set forth in Section 7.2 (Current Sub-processors and Notification of Sub-processor Changes) of this Addendum;
(iii) in Clause 11 of the EU Standard Contractual Clauses, the optional language will not apply;
(iv) in Clause 17 (Option 1), the EU Standard Contractual Clauses will be governed by Irish law;
(v) in Clause 18(b) of the EU Standard Contractual Clauses, disputes will be resolved before the courts of Ireland;
(vi) in Annex I, Part A of the EU Standard Contractual Clauses:
Data Exporter: Customer
Contact details: The email address(es) designated by Customer in Customer’s account via its notification preferences.
Data Exporter Role: The Data Exporter’s role is set forth in Section 2 (Relationship) of this Addendum.
Signature and Date: By entering into the Agreement, Data Exporter is deemed to have signed these EU Standard Contractual Clauses incorporated herein, including their Annexes, as of the effective date of the Agreement.
Data Importer: CustomerOS
Contact details: CustomerOS Privacy Team - privacy@customeros.ai
Data Importer Role: The Data Importer’s role is set forth in Section 2 (Relationship) of this Addendum.
Signature and Date: By entering into the Agreement, Data Importer is deemed to have signed these EU Standard Contractual Clauses, incorporated herein, including their Annexes, as of the effective date of the Agreement;
(vii) in Annex I, Part B of the EU Standard Contractual Clauses:
The categories of data subjects are set forth in Section 4 of Schedule 1 (Details of Processing) of this Addendum.
The Sensitive Data transferred is set forth in Section 6 of Schedule 1 (Details of Processing) of this Addendum.
The frequency of the transfer is a continuous basis for the duration of the Agreement.
The nature of the processing is set forth in Section 1 of Schedule 1 (Details of Processing) of this Addendum.
The purpose of the processing is set forth in Section 1 of Schedule 1 (Details of Processing) of this Addendum.
The period for which the personal data will be retained is set forth in Section 3 of Schedule 1 (Details of Processing) of this Addendum.
(viii) in Annex I, Part C of the EU Standard Contractual Clauses: The Irish Data Protection Commission will be the competent supervisory authority; and
(ix) Schedule 2 (Technical and Organizational Security Measures) of this Addendum serves as Annex II of the EU Standard Contractual Clauses.
Customer and CustomerOS agree that the UK International Data Transfer Agreement will apply to personal data that is transferred via the Services from the United Kingdom, either directly or via onward transfer, to any country or recipient outside of the United Kingdom that is not (a) recognized by the competent United Kingdom regulatory authority or governmental body for the United Kingdom as providing an adequate level of protection for personal data and (b) covered by the CustomerOS BCRs. For data transfers from the United Kingdom that are subject to the UK International Data Transfer Agreement, the UK International Data Transfer Agreement will be deemed entered into, and incorporated into this Addendum by this reference, and completed as follows:
(a) In Table 1 of the UK International Data Transfer Agreement, Customer's and CustomerOS's details and key contact information are set forth in Section 2.4 (e)(vi) of this Schedule 2;
(b) In Table 2 of the UK International Data Transfer Agreement, information about the version of the Approved EU SCCs, modules, and selected clauses, which the UK International Data Transfer Agreement is appended to, are set forth in Section 2.4 (EU Standard Contractual Clauses) of this Schedule 2;
(c) In Table 3 of the UK International Data Transfer Agreement:
(i) The list of Parties is set forth in Section 2.4(e)(vi) of this Schedule 2.
(ii) The description of the transfer is set forth in Section 1 (Nature and Purpose of the Processing) of Schedule 1 (Details of the Processing).
(iii) Annex II is located in Schedule 2 (Technical and Organizational Security Measures) of this Addendum.
(d) In Table 4 of the UK International Data Transfer Agreement, both the Importer and the exporter may end the UK International Data Transfer Agreement in accordance with the terms of the UK International Data Transfer Agreement.
To the extent there is any conflict or inconsistency between the EU Standard Contractual Clauses or UK International Data Transfer Agreement and any other terms in this Addendum, the Agreement, or the CustomerOS Privacy Notice, the provisions of the EU Standard Contractual Clauses or UK International Data Transfer Agreement, as applicable, will prevail.
