Revision Date: October 14, 2021

CCPA Data Processing Addendum

This Data Processing Addendum (“DPA”) amends and forms part of the Armis General Terms and Conditions (the “Agreement”) between Armis Inc. (“Company”) and Customer as identified in the Agreement (“Customer”). This DPA prevails over any conflicting term of the Agreement but does not otherwise modify the Agreement.

1. Definitions. For the purposes of this DPA–

1.1. The capitalized terms used in this DPA and not otherwise defined in this DPA shall have the definitions set forth in the California Consumer Privacy Act of 2018 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”).

2. Roles and Scope.

2.1. This DPA applies only to the Collection, retention, use, disclosure, and Sale of Personal Information provided by Customer to, or which is Collected on behalf of Customer by, Company to provide Services to Customer pursuant to the Agreement or to perform a Business Purpose (“Customer Personal Information”).

2.2. The Parties acknowledge and agree that Customer is a Business and appoints Company as a Service Provider to process Customer Personal Information on behalf of Customer.

3. Restrictions on Processing.

3.1. Except as otherwise permitted by the CCPA, Company is prohibited from (i) retaining, using, or disclosing Customer Personal Information for any purpose other than for the specific purpose of performing the Services specified in the Agreement for Customer, as set out in this DPA and (ii) further Collecting, Selling, or using Customer Personal Information except as necessary to perform the Services.

4. Notice.

Customer represents and warrants that it has provided notice that Customer Personal Information is being used or shared consistent with Customer’s requirements under the CCPA.

5. Consumer Rights.

Company shall provide commercially reasonable assistance to Customer for the fulfillment of Customer’s obligations to respond to CCPA-related Consumer rights requests regarding Customer Personal Information.

6. Security.

Company will maintain commercially reasonable administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of Customer Personal Information as set forth in the security documents and reports, as updated from time to time, available via Armis’ Trust Portal.

7. CCPA Exemption.

Notwithstanding any provision to the contrary of the Agreement or this DPA, the terms of this DPA shall not apply to Company’s processing of Customer Personal Information that is exempt from the CCPA, including under Cal. Civ. Code 1798.145(a).

8. Changes to Applicable Privacy Laws.

The Parties agree to cooperate in good faith to enter into additional terms to address any modifications, amendments, or updates to applicable statutes, regulations or other laws pertaining to privacy and information security, including, where applicable, the CCPA.