Data Processing Addendum for Looker Professional Services

These Terms reflect the parties' agreement with respect to the processing and security of Customer Personal Data for Services that are subject to the Looker Services Schedule - Professional Services Addendum ("Agreement"). This Addendum does not apply to the processing or security of Customer's data or results by the Looker Application; Customer's Looker Application Agreement governs such processing and security.

These Data Processing and Security Terms for Looker Professional Services, including the appendices (the "Terms"), will be effective and replace any previously applicable data processing and security terms as from the Terms Effective Date (as defined below). These Terms supplement the Agreement.

2.1 Capitalized terms defined in the Agreement apply to these Terms. In addition, in these Terms:

• Agreed Liability Cap means the maximum monetary or payment-based amount at which a party's liability is capped under the Agreement.
• Customer Data means "Customer Data" as defined in the Looker Application Agreement that is (a) provided by or on behalf of Customer to Looker via a Customer Instance of the Looker Application specifically in order for Customer to receive the Services under the Agreement and (b) that is processed by Looker Personnel performing Services under this Agreement.
• Customer Personal Data means the personal data contained within the Customer Data.
• Data Incident means a breach of Looker's security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Personal Data on systems managed by or otherwise controlled by Looker.
• Data Transfer Solution means a solution (for example, Model Contract Clauses or Privacy Shield) that enables the lawful transfer of personal data to a third country in accordance with European Data Protection Law.
• EEA means the European Economic Area.
• EU GDPR means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
• European Data Protection Law means, as applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19 June 1992 (Switzerland).
• European or National Law means, as applicable: (a) EU or EU Member State law (if the EU GDPR applies to the processing of Customer Personal Data); and/or (b) the law of the UK or a part of the UK (if the UK GDPR applies to the processing of Customer Personal Data).
• GDPR means, as applicable: (a) the EU GDPR; and/or (b) the UK GDPR.
• Instance means an authorized deployment of downloadable tools, including the licensed Looker data platform and other computer software provided by Looker, installed on a single operating system.
• Looker Application means an integrated platform that includes optional cloud-based infrastructure as well as software components (which may include associated APIs) and enables businesses to analyze data and define business metrics across multiple data sources.
• Looker Application Agreement means an effective agreement between Customer and Looker governing Customer's use of the Looker Application, which includes the Looker Data Processing and Security Terms (available at https://looker.com/trust-center/legal/customers/dpst).
• Looker's Third Party Auditor means a Looker-appointed, qualified and independent third party auditor, whose then-current identity Looker will disclose to Customer.
• Model Contract Clauses or MCCs mean the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the EU GDPR.
• Non-European Data Protection Law means data protection or privacy laws in force outside the European Economic Area, Switzerland and the UK.
• Notification Email Address means the email address(es) designated by Customer in the Order Form that is part of the Looker Application Agreement to receive certain notifications from Looker. Customer is responsible for giving Looker timely notice of any changes to the email address(es) so designated and for ensuring that its Notification Email Address remains current and valid.
• Privacy Shield means, as applicable, the EU-U.S. Privacy Shield legal framework, the Swiss-U.S. Privacy Shield legal framework, and any equivalent legal framework that may apply between the UK and the United States.
• Security Measures has the meaning given in Section 7.1.1 (Looker's Security Measures).
• Services means advisory and consulting services described in an Order Form, including a Statement of Work or applicable Service Package description (available at https://looker.com/trust-center/legal/customers/professional-services-packages).
• Sub-processors means a third party authorized as another processor under Section 11 (Looker sub-processors) to have access to and process Customer Personal Data to provide parts of the Services.
• Supervisory Authority means, as applicable: (a) a "supervisory authority" as defined in the EU GDPR; and/or (b) the "Commissioner" as defined in the UK GDPR.
• Term means the period from the Terms Effective Date until the end of Looker's provision of the Services.
• Terms Effective Date means the date on which Customer accepted, or the parties otherwise agreed to, these Terms.
• Transferred Personal Data has the meaning given in Section 10.2.1 (Looker's Transfer Obligations).
• UK GDPR means the EU GDPR as amended and incorporated into UK law under the UK European Union (Withdrawal) Act 2018, if in force.

2.2 The terms "personal data", "data subject", "processing", "controller" and "processor" as used in these Terms have the meanings given in the GDPR irrespective of whether European Data Protection Law or Non-European Data Protection Law applies.

These Terms will, notwithstanding any earlier expiry of the Term, remain in effect until, and automatically expire upon, termination of Looker's access to Customer Personal Data in Customer's Instance of the Looker Application.

4.1 Application of European Law. The parties acknowledge that European Data Protection Law will apply to the processing of Customer Personal Data if, for example:

a. the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA or the UK; and/or

b. the Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services in the EEA or the UK, or the monitoring of their behavior in the EEA or the UK.

4.2 Application of Non-European Law. The parties acknowledge that Non-European Data Protection Law may also apply to the processing of Customer Personal Data.

4.3 Application of Terms. Except to the extent these Terms state otherwise, these Terms will apply irrespective of whether European Data Protection Law or Non-European Data Protection Law applies to the processing of Customer Personal Data.

5.1 Roles and Regulatory Compliance; Authorization.

5.1.1 Processor and Controller Responsibilities. If European Data Protection Law applies to the processing of Customer Personal Data:

a. the subject matter and details of the processing are described in Appendix 1;

b. Looker is a processor of that Customer Personal Data under European Data Protection Law;

c. Customer is a controller or processor, as applicable, of that Customer Personal Data under European Data Protection Law; and

d. each party will comply with the obligations applicable to it under European Data Protection Law with respect to the processing of that Customer Personal Data.

5.1.2 Authorization by Third Party Controller. If European Data Protection Law applies to the processing of Customer Personal Data and Customer is a processor, Customer warrants that its instructions and actions with respect to that Customer Personal Data, including its appointment of Looker as another processor, have been authorized by the relevant controller.

5.1.3 Responsibilities under Non-European Law. If Non-European Data Protection Law applies to either party's processing of Customer Personal Data, the relevant party will comply with any obligations applicable to it under that law with respect to the processing of that Customer Personal Data.

5.2 Scope of Processing.

5.2.1 Customer's Instructions. Customer instructs Looker to process Customer Personal Data only: (a) when accessing such data in Customer's Instance of the Looker Application and, for clarity, Looker may not process any Customer Personal Data outside such Instance; (b) in accordance with applicable law; (c) to provide the Services; (d) as documented in the form of the Agreement, including an applicable Order Form, Statement of Work, Service Package description, and these Terms; and (e) as further documented in any other written instructions given by Customer and acknowledged by Looker as constituting instructions for purposes of these Terms.

5.2.2 Looker's Compliance with Instructions. Looker will comply with the instructions described in Section 5.2.1 (Customer's Instructions) (including with regard to data transfers) unless European or National Law to which Looker is subject requires other processing of Customer Personal Data by Looker, in which case Looker will notify Customer (unless that law prohibits Looker from doing so on important grounds of public interest) before such other processing.

6.1 Deletion by Customer. Taking into account the nature of the processing of Customer Personal Data under the Agreement, the parties' respective rights and obligations with respect to deletion of Customer Personal Data after expiry of the Term are addressed in the Looker Application Agreement.

7.1 Looker's Security Measures, Controls and Assistance.

7.1.1 Looker's Security Measures. Taking into account the nature of the processing of Customer Personal Data under the Agreement, Looker will implement and maintain technical and organizational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access as described in Appendix 2 (the "Security Measures").

7.1.2 Security Compliance by Looker Staff. Looker will: (a) take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and sub-processors to the extent applicable to their scope of performance, and (b) ensure that all persons authorized to process Customer Personal Data are under an obligation of confidentiality.

7.1.3 Looker's Security Assistance. Taking into account the nature of the processing of Customer Personal Data under the Agreement, Looker will assist Customer in ensuring compliance with its obligations under Articles 32 to 34 of the GDPR with respect to Customer Personal Data as described in the Looker Application Agreement.

7.2 Data Incidents.

7.2.1 Incident Notification. Looker will notify Customer promptly and without undue delay after becoming aware of a Data Incident, and promptly take reasonable steps to minimize harm and secure Customer Personal Data.

7.2.2 Details of Data Incident. Looker's notification of a Data Incident will describe, to the extent possible, the nature of the Data Incident, the measures taken to mitigate the potential risks and the measures Looker recommends Customer take to address the Data Incident.

7.2.3 Delivery of Notification. Notification(s) of any Data Incident(s) will be delivered to the Notification Email Address, or, at Looker's discretion, by direct communication (for example, by phone call or an in-person meeting).

7.2.4 No Assessment of Customer Data by Looker. Looker has no obligation to assess Customer Data to identify information subject to any specific legal requirements.

7.2.5 No Acknowledgement of Fault by Looker. Looker's notification of or response to a Data Incident under this Section 7.2 (Data Incidents) will not be construed as an acknowledgement by Looker of any fault or liability with respect to the Data Incident.

7.3 Customer's Security Responsibilities and Assessment.

7.3.1 Customer's Security Responsibilities. Without prejudice to Looker's obligations under Sections 7.1 (Looker's Security Measures, Controls and Assistance) and 7.2 (Data Incidents) and elsewhere in the Agreement, Customer is responsible for its use of the Services. Customer's responsibilities under this Section 7.3.1 (Customer's Security Responsibilities) include, without limitation:

a. using the Services to ensure a level of security appropriate to the risk in respect of the Customer Personal Data;

b. administering, managing access to and securing the account authentication credentials, systems, software, networks and devices that Customer uses to receive, or authorizes to be accessed by Looker Personnel to provide the Services;

c. backing up its Customer Data as appropriate;

d. providing Looker with appropriate notice before providing Looker with access to Customer Personal Data;

e. minimizing the amount of Customer Personal Data provided by or on behalf of Customer to Looker;

f. providing instructions on Looker's use and processing of Customer Personal Data; and

g. to the extent access to Customer Personal Data is within Customer's control, terminating Looker's access to Customer Personal Data on the earlier of completion of the Services or the purpose for which Customer Personal Data is provided to Looker.

7.3.2 Customer's Security Assessment. Customer agrees, based on its current and intended use of the Services, that the Services, Security Measures, and Looker's commitments under this Section 7 (Data Security), and Section 11 (Looker sub-processors): (a) meet Customer's needs, including with respect to any security obligations of Customer under European Data Protection Law and/or Non-European Data Protection Law, as applicable, and (b) provide a level of security appropriate to the risk in respect of the Customer Data.

7.4 Compliance Certification and SOC Report. Taking into account the nature of the processing of Customer Personal Data under the Agreement, Looker's security certifications with respect to the Looker Application are addressed in the Looker Application Agreement.

7.5 Reviews and Audits of Compliance. Taking into account the nature of the processing of Customer Personal Data under the Agreement, Customer's audit rights with respect to Customer Personal Data are addressed in the Looker Application Agreement.

Looker will (taking into account the nature of the processing and the information available to Looker) assist Customer in ensuring compliance with its obligations under Articles 35 and 36 of the GDPR, by:

a. providing the "Security Documentation" as defined and described in the Looker Application Agreement with respect to Customer Personal Data; and

b. providing the information contained in the Agreement including these Terms.

9.1 Access; Rectification; Restricted Processing; Portability. Taking into account the nature of the processing of Customer Personal Data under the Agreement, Customer to access, rectify and restrict processing of Customer Personal Data is addressed in the Looker Application Agreement.

9.2 Data Subject Requests. Taking into account the nature of the processing of Customer Personal Data under the Agreement, Looker will assist Customer in fulfilling its obligations under Chapter III of the GDPR to respond to requests for exercising the data subject's rights as described in the Looker Application Agreement.

10.1 Data Storage and Processing Facilities. Looker may store and process Customer Data anywhere the Looker Application stores and processes data under the Looker Application Agreement.

10.2 Transfers of Data.

10.2.1 Looker's Transfer Obligations. If the storage and/or processing of Customer Personal Data involves transfers of Customer Personal Data out of the EEA, Switzerland or the UK, and European Data Protection Law applies to the transfers of such data ("Transferred Personal Data"), Looker will:

a. offer at least one Data Transfer Solution in respect of such data;

b. ensure that the transfers are made in accordance with such Data Transfer Solution(s); and

c. make information available to Customer about such Data Transfer Solution(s).

10.2.2 Customer's Transfer Obligations. In respect of Transferred Personal Data, Customer will:

a. if the sole Data Transfer Solution offered by Looker is Model Contract Clauses, enter into such Model Contract Clauses as the exporter of such data; and

b. if strictly required to give effect to the sole Data Transfer Solution offered by Looker, take any action (which may include execution of documents) reasonably requested by Looker for such purpose.

10.3 Disclosure of Confidential Information Containing Personal Data. If Looker and Customer have entered into Model Contract Clauses under Section 10.2 (Transfers of Data), Looker will, notwithstanding any term to the contrary in the Agreement, ensure that any disclosure of Customer's Confidential Information containing personal data, and any notifications relating to any such disclosures, will be made in accordance with such Model Contract Clauses.

11.1 Consent to Sub-processors Engagement. Customer specifically authorizes the engagement as sub-processors of: (a) any third party entity listed as a subcontractor in an applicable Order Form, Statement of Work, or other confirmation provided to Customer before commencement of Services; and (b) all other Looker Affiliates from time to time. In addition, without prejudice to Section 11.4 (Opportunity to Object to Looker Sub-processor Changes), Customer generally authorizes the engagement as sub-processors of any other third parties ("New Looker sub-processors(s)").

11.2 Information about sub-processors. Information about sub-processors, including their functions and locations, will be made available to Customer at Customer's request.

11.3 Requirements for Sub-processor Engagement. Before engaging any Sub-processor, Looker will ensure that the Sub-processor's security and privacy practices are assessed to verify that the Sub-processor provides a level of security and privacy appropriate to the data it will access and the services it will provide. In addition, when engaging any Sub-processor, Looker will:

a. ensure via a written contract that:

i. the Sub-processor only accesses and uses Customer Personal Data as required to perform the obligations subcontracted to it and in accordance with the Agreement (including these Terms) and the Data Transfer Solution(s);

ii. if the GDPR applies to the processing of Customer Personal Data, data protection obligations equivalent to those referred to in Article 28(3) of the GDPR are imposed on the Sub-processor;

b. remain fully liable for all obligations subcontracted to, and all acts and omissions of, the Sub-processor.

11.4 Opportunity to Object to Looker Sub-processor Changes.

a. When any New Looker Sub-processor is engaged during the Term, Looker will notify Customer of the engagement of the New Looker Sub-processor before the New Sub-processor processes Customer Personal Data.

b. Customer may object to the New Looker Sub-processor and request a change of Personnel in accordance with the Agreement. The parties will work in good faith to determine a satisfactory alternative.

13.1 Looker's Data Protection Team. Looker's Data Protection Team can be contacted at looker-data-protection@google.com (and/or via such other means as Looker may provide from time to time).

13.2 Looker's Processing Records. To the extent the GDPR requires Looker to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to Looker and give Looker timely notice of any changes to such information to ensure that Looker's records remain accurate and up-to-date. Looker may make any such information available to the Supervisory Authorities if required by the GDPR.

14.1 Liability Cap. If Model Contract Clauses have been entered into under Section 10 (Transfers of Data) then, subject to Section 14.2 (Liability Cap Exclusions), the total combined liability of either party and its Affiliates towards the other party and its Affiliates under or in connection with the Agreement and such Model Contract Clauses combined will be limited to the Agreed Liability Cap for the relevant party.

14.2 Liability Cap Exclusions. Nothing in Section 14.1 (Liability Cap) will affect the remaining terms of the Agreement relating to liability (including any specific exclusions from any limitation of liability).

Notwithstanding anything to the contrary in the Agreement, to the extent of any conflict or inconsistency between these Terms and the remaining terms of the Agreement, these Terms will govern.

Subject Matter

Looker's provision of the Services to Customer.

Duration of the Processing

The Term plus the period from the expiry of the Term until termination of Looker's access to Customer Data by Looker or Customer in accordance with the Terms.

Nature and Purpose of the Processing

Looker will process Customer Personal Data as required to provide the Services, which may include:

Strategy Session

• Review project goals and objectives
• Identify initial business use cases
• Review and document business metrics and data mapping for initial business use cases
• Document data security requirements

Technical Setup Review

Provide advice and guidance on key decision points on how Looker will be set up for development and production environments.

Looker Deployment Setup

Assist customer team with initial setup of Looker based on information and decisions from the Technical Setup Review. Ensure security and permissions best practices are followed.

Looker Model Development

Assist customer development team with the build out of the initial use case.

• Demonstrate and share best practices and advice on LookML model development
• Provide guidance on building user-friendly Explores and dashboard drill paths
• Drive optimum feature usage

Co-development Sessions

Build developer and administrator skills with the Customer development team.

Looker Content Development

Assist with the creation of dashboards and Looks for your use cases. Illustrate best practices for managing content access and curation.

Project Management Sessions

Regular project management sessions geared towards team alignment, removing obstacles, and ensuring project progress

Business User Training

Enable customer business analysts to get insights from Looker.

Summary of Next Steps

Review and summarize your team's key decisions, dependencies, issues, and lessons learned. Identify your open questions, action items, and recommended next steps for ongoing Looker development.

Categories of Data

Data relating to individuals provided to Looker by (or at the direction of) Customer to receive the Services.

Data Subjects

Data subjects include the individuals about whom data is provided to Looker by (or at the direction of) Customer to receive the Services.

1. Looker Application. Looker will only access and process Customer Personal Data provided by or on behalf of Customer to Looker via a Customer Instance of the Looker Application. Customer's use of the Looker Application is governed by Customer's Looker Application Agreement, including any security measures applicable to the Looker Application.

2. Internal Data Access Processes and Policies – Access Policy. Looker's internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Looker designs its systems to (i) only allow authorized persons to access data they are authorized to access; and (ii) ensure that personal data cannot be read, copied, altered or removed without authorization during processing, use and after recording. The systems are designed to detect any inappropriate access. Looker employs a centralized access management system to control personnel access to production servers, and only provides access to a limited number of authorized personnel. Looker's authentication and authorization systems utilize SSH certificates and security keys, and are designed to provide Looker with secure and flexible access mechanisms. These mechanisms are designed to grant only approved access rights to site hosts, logs, data and configuration information. Looker requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel's job responsibilities; job duty requirements necessary to perform authorized tasks; and a need to know basis. The granting or modification of access rights must also be in accordance with Looker's internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies that follow at least industry standard practices are implemented. These standards include restrictions on password reuse and sufficient password strength.

3. Personnel Security. Looker personnel are required to conduct themselves in a manner consistent with the company's guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Google conducts reasonably appropriate background checks to the extent legally permissible and in accordance with applicable local labor law and statutory regulations.

Personnel are required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Google's confidentiality and privacy policies. Personnel are provided with security training. Personnel handling Customer Data are required to complete additional requirements appropriate to their role (e.g., certifications). Google's personnel will not process Customer Data without authorization.

4. Additional Security Measures. Looker and Customer may agree to additional security measures in the applicable Order Form, including any attached SOW, for the Services.