Unless otherwise defined in this Service Schedule for CS VOC (this “Service Schedule”), capitalized terms will have the meaning given to them in the Agreement. This Service Schedule shall be applicable to all licensing of CS VOC.

A. ADDITIONAL AGREEMENTS

Solely for the purposes of the CS Service “Voice of Customer” (and no other CS Service), the Parties agree that:

1. The definition of “CS Security Safeguards” in the MSA shall be replaced with:

   “CS Security Safeguards” means the Contentsquare security standards set forth in Section B below. All references to the CS Security Safeguards in the MSA shall be referenced solely to these standards.

2. Section 5.4(d) (Customer Data, Personal Data, Visitor Data) of the MSA shall be deleted in its entirety.

3. Section 5.4 (e) (Customer Data, Personal Data, Visitor Data) of the MSA shall be added to the MSA:

4. “The Customer retains a general right of instruction as to the scope of “Permitted Personal Data” processing, which may be supplemented with individual instructions so long as they comply with Applicable Data Protection Laws. Instructions are deemed to be provided by the Customer by way of selecting the desired product and/or the desired configuration of the product settings or by way of instructions communicated in writing to legal@contentsquare.com.”

5. “Response” means an answer left by a Visitor on a VOC survey on the Customer website.

6. All data is stored in Ireland, EU, on Amazon Web Services infrastructure.

B. CS SECURITY SAFEGUARDS FOR CS VOC

1. Contentsquare designates a fully qualified employee to coordinate with Customer and provide to Customer, as needed, all information reasonably requested in writing by Customer concerning the processing, storage and protection of Customer Data.

2. Contentsquare has implemented and maintains a written data information security program for the protection of Customer Data that included appropriate organizational, administrative, technical and physical safeguards and other security measures that are industry standard and commensurate with the nature of the Customer Data processed by Contentsquare (the “Information Security Program”). Contentsquare’s Information Security Program includes regular training of its personnel on those policies, hiring and exit procedures including regular risk assessment of the risks to the security of Customer Data, and shall be updated as necessary with changes in any applicable law. Contentsquare reserves the right to and may update or modify such measures from time to time provided that such updates or modifications do not result in any material degradation to the security of Customer Data. Contentsquare shall deliver updates on incidents and its security program through its security portal at trust.contentsquare.com. Customer agrees to subscribe to such portal for such updates.

3. Contentsquare implements appropriate physical, technical and organizational measures to ensure a level of security appropriate to the risk presented by processing Customer Data, in particular from unlawful and unauthorized destruction, loss, disclosure, or access to Customer Data, stored or otherwise processed by Contentsquare (“Security Breach”), including, inter alia, as appropriate: (i) implementation of reasonable and sufficient physical barriers and controls to prevent unauthorized physical access to, or compromise of Customer Data by human or environmental causes; (ii) ensuring that only those authorized Contentsquare representatives gain access to the Customer Data, and taking commercially reasonable steps to prevent unauthorized access to or destruction or loss of any Customer Data; and (iii) maintaining a secure processing environment for Customer Data, which includes: (a) timely application of anti-virus updates, system patches, fixes and updates to all operating systems and applications, the implementation of firewalls and other similar measures designed to ensure the confidentiality, integrity, and availability of Customer Data; (b) encryption of all Customer Data at all times in transit and at rest, using and deploying a commercially acceptable encryption solution; and (c) secure email for all Contentsquare domains.

4. If at any time Contentsquare determines that any individual or entity has attempted to circumvent or has circumvented the security of any computer, system, or device containing Customer Data, or that there has been a Security Breach (each, an “Incident”), Contentsquare shall: (a) immediately terminate any unauthorized access and within forty-eight (48) hours notify Customer in writing of such Incident; (b) promptly investigate and take reasonable steps to remediate the Incident; and (c) cooperate with Customer in the investigation of the Incident, and provide documentation and assistance as may reasonably be requested by Customer, or law enforcement and regulators.