This Data Processing Addendum, including its Schedules (“DPA”), forms part of the agreement or other written or electronic agreement between Glance Networks, Inc. (“Glance”) and (“Customer”) the purchase and/or use of online services (including associated Glance components) from Glance (identified either as “Services” or otherwise in the applicable agreement, and hereinafter defined as “Services” (the “Agreement”) to reflect the parties’ agreement with regard to the Processing of Customer Data. For the sake of clarity, “Services”, in addition to what is defined in the Agreement shall include any Glance products or services Customer or Customer’s Client’s utilize to interact including, but not limited to, Glance Cobrowse, Glance Screen Share, Glance Mobile Screen Share, Remote Assist, and any feature sets associated with Glance products and services.

Glance and Customer previously entered into a Data Processing Addendum signed on Date (“Original DPA”). Glance and Customer hereto now desire to replace the Original DPA in entirety with this DPA. Customer enters into this DPA on behalf of itself and, to the extent required under applicable Data Protection Laws and Regulations, in the name and on behalf of its Authorized Affiliates. For the purposes of this DPA only, except where indicated otherwise, the term “Customer” shall include Customer and Authorized Affiliates. All capitalized terms not defined herein shall have the meaning set forth in the Agreement. In the event of any conflict between this DPA and the Agreement, the provisions of this DPA shall control.

In the course of providing the Services to Customer pursuant to the Agreement, Glance may Process Customer Data on behalf of Customer, and the parties agree to comply with the following provisions with respect to any Customer Data, each acting reasonably and in good faith.

HOW THIS DPA APPLIES

If the Customer entity signing this DPA is a party to the Agreement, this DPA is an addendum to and forms part of the Agreement. In such a case, Glance is a party to the Agreement and is a party to this DPA.

If the Customer entity signing this DPA has executed an Order Form with Glance pursuant to the Agreement, but is not itself a party to the Agreement, this DPA is an addendum to that Order Form and applicable renewal Order Form(s) and is a party to such Order Form is a party to this DPA. For the purposes of this DPA, any reference to Order Form herein shall include “Ordering Document” (as defined in the Agreement).

If the Customer entity signing this DPA is neither a party to an Order Form nor the Agreement, this DPA is not valid and is not legally binding. Therefore, such an entity should request that the Customer entity, a party to the Agreement, execute this DPA.

If the Customer entity signing the DPA is not a party to an Order Form or an Agreement directly with Glance but is instead a customer indirectly via an authorized reseller of Glance services, this DPA is not valid and is not legally binding. Therefore, such entity should contact the authorized reseller to discuss whether any amendment to its agreement with that reseller may be required.

DATA PROCESSING TERMS

1. DEFINITIONS

“Affiliate” means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

“Authorized Affiliate” means any of Customer’s Affiliate(s) which (a) is subject to the data protection laws and regulations of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom, and (b) is permitted to use the Services pursuant to the Agreement between Customer and Glance, but has not signed its own Order Form with Glance and is not a “Customer” as defined under this DPA.

“CCPA” means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., as amended by the California Privacy Rights Act, and its implementing regulations.

“Controller” means the entity which determines the purposes and means of the Processing of Personal Data.

“Customer’s Clients” means any person, individual, entity, organization, etc. utilizing the Services to interact with Customer.

“Customer’s Client’s Data” means all data Glance Processes that is sourced from Customer’s Clients in the course of providing Services, even if the data is not directly related to an individual in the Session. (For example, if Customer’s Clients show information regarding a tenant of theirs via Glance Cobrowse during a Session with Customer, that information would be considered Customer’s Client’s Data.)

“Customer Data” means all data (including, but not limited to Personal Data, Customer’s data and Customer’s Clients’ Data) Glance Processes on behalf of Customer, Customer’s Clients, or both in the course of providing Services.

“Data Protection Laws and Regulations” means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including those of the United States and its states.

“Data Subject” means the identified or identifiable person to whom Personal Data relates or from whom it originates.

“Glance” means the Glance entity, which is a party to this DPA, as specified in the section “HOW THIS DPA APPLIES” above, being Glance, a company incorporated in state of Delaware, United States, Registered office: The Corporation Trust Company, Corporation Trust Center, 1209 Orange Street, Wilmington, DE 19801 United States.

“Glance Privacy Policy” means the Privacy Policy found at the https://www.glance.cx/privacy-policy webpage.

“Glance Session” or “Session” means the interaction between Customer and Customer’s Clients utilizing the Services, including but not limited to; Glance Cobrowse (seeing what their Customer’s Clients see in their browsers), Glance Screen Share (sharing the Customer agent’s own screen, window or browser tab, or allowing the Customer’s Clients to share their screen, window or browser tab), or Glance Mobile Share (seeing what Customer’s Clients see in their mobile applications). For sake of clarity, any features available with the Services are also covered by this definition, including but not limited to, Remote Assist, use of camera/video, etc.

“Glance Terms of Use” means the Terms of Use found at the https://www.glance.cx/terms webpage.

“Personal Data” means any information relating to (i) an identified or identifiable natural person, (ii) an identified or identifiable legal entity (where such information is protected similarly as Personal Data or personally identifiable information under applicable Data Protection Laws and Regulations), or both (i) and (ii), where such data is Customer Data.

“Processing”, “Processes” or “Process” means any operation or set of operations which is performed upon Customer Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means the entity which Processes Customer Data on behalf of the Controller, including as applicable any “service provider” as that term is defined by the CCPA.

“Public Authority” means a government agency or law enforcement authority, including judicial authorities.

“Security, Privacy, and Architecture Documentation” means the Security, Privacy, and Architecture Documentation applicable to the specific Services purchased by Customer, as updated from time to time, and accessible via Glance’s Trust and Compliance webpage at glance.cx/trust-security, or as otherwise made reasonably available by Glance.

“Sub-processor” means any Processor engaged by Glance or a member of Glance.

2. PROCESSING PERSONAL DATA

2.1. Roles of the Parties.

The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is a Controller or a Processor, Glance is a Processor, and that Glance or members of Glance will engage Sub-processors pursuant to the requirements set forth in section 5 “Sub-Processors” below.

2.2. Customer’s Processing of Personal Data.

Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws and Regulations. For the avoidance of doubt, Customer’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Customer agrees to include language in their terms of use for the Glance Services (or a similar policy), currently referred to as the “Rent Manager Screen Share Terms of Use”, but whose title and content could be updated from time to time, that notifies the Session participant that they have sole responsibility for the accuracy, quality, and legality of any data they share and the means by which they acquired that data, or other similar language. A link to this policy will be available for the participants’ review prior to moving forward with a Session. Glance understands that the language above is not an exact representation of what will be stated, as the phrase will be modified to match the terminology of the policy (for example Session participant may be referred to as “you”, “participant” or something similar, and the phrasing may include other defined terms, as necessary) and may be updated from time to time. For clarity the language in the Rent Manager Screen Share Terms of Use currently states “…you have the sole responsibility for the accuracy, quality, and legality of any data you share and the means by which you acquired that data.”

2.3. Glance’s Processing of Customer Data.

Glance shall treat Customer Data as Confidential Information and shall Process Customer Data on behalf of and only in accordance with the following instructions:

2.3.1 Glance confirms that it will treat all Customer Data as Confidential Information and shall not disclose or sell Customer Data to third parties.

2.3.2 Except as outlined in 2.3.3 and 2.3.4, Glance confirms that it will not capture, transfer or store the content of Sessions, or Customer Data that it Processes on behalf of the Customer, Customer’s Clients, or both.

2.3.3 Glance Session data itself if encrypted while in motion across networks. For sake of clarity Glance does store the Session details from any given Session. Glance only stores Session metadata and does not store any data from the Session itself. Glance stores the following Session metadata:

o start time, stop time

o number of guests that join the Session

o participants’ Internet Protocol (IP) addresses, from which it is possible to infer geographic location. (IP addresses are purged after 3 months)

o the Glance URL (Agent Glance Address)

o the Session Type (whether a Cobrowse or a Screen Share Session)

2.3.4 All content is live. When a Session ends, any transient data cached in the Glance service’s virtual memory is deallocated. Only call detail records (CDRs) and log files (for debugging) persist. Neither contain Session screen data.

2.3.5 Personal Data that may be collected outside of the Services (i.e. visitors visiting the glance.cx website, etc.) follows the Glances Privacy Policy.

2.3.6 For sake of clarity, the Glance Privacy Policy will apply in all situations that are not defined as part of this DPA or the Agreement. In the event there is a conflict between this DPA, the Agreement and the Glance Privacy Policy, Glance will follow this DPA and Agreement, assuming that by doing so Customer Data (which includes, but is not limited to, Customer’s Client’s Data) would not be less protected or experience a lower level of privacy than if the Glance Privacy

Policy is followed. Glance understands Customer will provide Customer’s Clients with a link to the Glance Privacy Policy

(either directly or through the Glance Terms of Use) when initiating a Glance Session to set the expectations of Customer’s Clients. Glance agrees that Customer’s Clients can rely on the Glance Terms of Service and Privacy Policy to understand how Glance will Process and protect their data. Glance agrees that the Glance Privacy Policy will be the minimum standard of privacy and protection for Customer’s Clients and their data. Glance shall inform Customer immediately if, in its opinion, following the DPA or the Agreement would mean a lower standard of privacy for Customer, Customer’s Clients, or both, versus what is stated in the Glance Privacy Policy. Additionally, Glance shall inform Customer promptly if either the Glance Privacy Policy or the Glance Terms of Service links change, so that Customer may update those links.

2.3.7 Glance will not join or monitor any Customer Sessions unless explicitly asked to do so by the Customer.

2.4. Details of the Processing.

The subject matter of Processing of Customer Data by Glance is the performance of the Services pursuant to the Agreement. The duration of the Processing, nature, and purpose, and types of Customer Data and categories of Data Subjects Processed under this DPA are so long as Glance provides Services to the Customer.

2.5. Customer Instructions.

Glance shall inform Customer immediately (i) if, in its opinion, an instruction from Customer constitutes a breach of Data Protection Laws and Regulations and/or (ii) if Glance is unable to follow Customer’s instructions for the Processing of Customer Data.

3. RIGHTS OF DATA SUBJECTS

Glance shall, to the extent legally permitted, promptly notify Customer of any complaint, dispute or request it has received from a Data Subject, such as a Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision making, each such request being a “Data Subject Request”. Glance shall not respond to a Data Subject Request itself, except that Customer authorizes Glance to redirect the Data Subject Request as necessary to allow Customer to respond directly. Taking into account the nature of the Processing, Glance shall assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of Customer’s obligation to respond to a Data Subject Request under Data Protection Laws and Regulations.

In addition, to the extent Customer, in its use of the Services, does not have the ability to address a Data Subject Request,

Glance shall, upon Customer’s request, provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request, to the extent Glance is legally permitted to do so, and the response to such Data Subject Request is required under Data Protection Laws and Regulations. To the extent legally permitted, Customer shall be responsible for any costs arising from Glance’s provision of such assistance.

4. GLANCE PERSONNEL

4.1. Confidentiality.

Glance shall ensure that its personnel engaged in the Processing of Customer Data are informed of the confidential nature of the Customer Data, have received appropriate training on their responsibilities, and have executed written confidentiality agreements. Glance shall ensure that such confidentiality obligations survive the termination of the personnel engagement.

4.2. Reliability.

Glance shall take commercially reasonable steps to ensure the reliability of any Glance personnel engaged in the Processing of Customer Data.

4.3. Limitation of Access.

Glance shall ensure that Glance’s access to Customer Data is limited to those personnel performing Services in accordance with the Agreement.

4.4. Data Protection Officer.

Members of Glance have appointed a data protection officer. The designated person may be reached at privacy@glance.net.

5. SUB-PROCESSORS

5.1. Appointment of Sub-processors.

Customer acknowledges and agrees that (a) Glance’s Affiliates may be retained as Sub-processors; and (b) Glance and Glance’s Affiliates may engage third-party Sub-processors in connection with the provision of the Services. Glance or a Glance Affiliate has entered into a written agreement with each Sub-processor containing, in substance, data protection obligations no less protective than those in the Agreement with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Sub-processor.

5.2. List of Current Sub-processors and Notification of New Sub-processors.

Amazon Web Services (AWS) is the Sub-processor engaged in Processing Customer Data for the performance of each applicable Service. AWS is a cloud computing platform for building, deploying, and managing applications through a global network of Amazon and third-party managed data center. Customer hereby consents to AWS as a Sub-processor, its’ locations, and processing activities pertaining to their Personal Data. Glance shall provide notification of a new Sub-processor(s) before authorizing any new Sub-processor(s) to Process Personal Data in connection with the provision of the applicable Services. Glance has entered into an agreement with AWS which contains terms no less protective of the Customer Data than those specified herein.

5.3. Objection Right for New Sub-processors.

Customer may object to Glance’s use of a new Sub-processor by notifying Glance promptly in writing within thirty (30) days of receipt of Glance’s notice in accordance with the mechanism set out in section 5.2. If Customer objects to a new Sub-processor as permitted in the preceding sentence, Glance will use reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer’s configuration or use of the Services to avoid Processing of Customer Data by the objected-to new Sub-processor without unreasonably burdening Customer. If Glance is unable to make available such change within a reasonable period of time, which shall not exceed sixty (60) days, Customer may terminate the applicable Order Form(s) with respect only to those Services which Glance cannot provide without the use of the objected-to new Sub-processor by providing written notice to Glance. Glance will refund Customer any prepaid fees covering the remainder of the term of such Order Form(s) following the effective date of termination with respect to such terminated Services without imposing a penalty for such termination on Customer.

5.4. Liability.

Glance shall be liable for the acts and omissions of its Sub-processors to the same extent Glance would be liable if performing the services of each Sub-processor directly under the terms of this DPA unless otherwise set forth in the Agreement.

6. SECURITY

6.1. Controls for the Protection of Customer Data.

Glance shall maintain appropriate technical and organizational measures for the protection of the security (including protection against unauthorized or unlawful Processing and against accidental or unlawful destruction, loss or alteration or damage, unauthorized disclosure of, or access to, Customer Data), confidentiality and integrity of Customer Data, as set forth in the Security, Privacy, and Architecture Documentation. Glance regularly monitors compliance with these measures. Glance will not materially decrease the overall security of the Services during a subscription term.

6.2. Audit.

Glance shall maintain an audit program to help ensure compliance with the

obligations set out in this DPA and shall make available to Customer information to demonstrate compliance with the obligations set out in this DPA, including those obligations required by applicable Data Protection Laws and Regulations, as set forth in this section 6.2.

6.2.1. Third-Party Certifications and Audits.

Glance has obtained the third-party certifications and audits set forth in the Security, Privacy, and Architecture Documentation for each applicable Service. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, Glance shall make available to Customer (or Customer’s Third-Party Auditor - as defined below in section 6.2.4) information regarding Glance’s compliance with the obligations set forth in this DPA in the form of a copy of Glance’s then most recent third-party audits or certifications set forth in the Security, Privacy, and Architecture Documentation. Such third-party audits or certifications may also be shared with Customer’s competent supervisory authority on its request. Where Glance has obtained ISO 27001 certifications and SSAE 18 Service Organization Control (SOC) 2 reports for a particular Service as described in the Documentation, Glance agrees to maintain these certifications or standards, or appropriate and comparable successors thereof, for the duration of the Agreement. Upon request, Glance shall also provide a requesting Customer with a report and/or confirmation of Glance's audits of third-party Sub-processors’ compliance with the data protection controls set forth in this DPA and/or a report of third-party auditors’ audits of third party Sub-processors that have been provided by those third-party Sub- processors to Glance, to the extent such reports or evidence may be shared with Customer (“Third-party Sub-processor Audit Reports”). Customer acknowledges that (i) Third-party Sub-processor Audit Reports shall be considered Confidential Information as well as confidential information of the third-party Sub processor and (ii) certain third-party Sub-processors to Glance may require Customer to execute a non-disclosure agreement with them in order to view a Third-party Sub- processor Audit Report.

6.2.2. On-Site or Remote Audit.

Customer may contact Glance to request an on-site audit of Glance’s Processing activities covered by this DPA (“On-Site or Remote Audit”). An On-Site or Remote Audit may be conducted by Customer either itself or through a Third-Party Auditor (as defined below in section 6.2.4) selected by Customer when:

• (i) the information available pursuant to section “Third-Party Certifications and Audits” is not sufficient to demonstrate compliance with the obligations set out in this DPA and its Schedules.
• (ii) Customer has received a notice from Glance of a Customer Data Incident; or
• (iii) such an audit is required by Data Protection Laws and Regulations or by Customer’s competent supervisory authority.

Any On-Site or Remote Audits will be limited to Customer Data Processing and storage facilities operated by Glance or any of Glance’s Affiliates. Customer acknowledges that Glance operates a multi-tenant cloud environment. Accordingly, Glance shall have the right to reasonably adapt the scope of any On-Site or Remote Audit to avoid or mitigate risks concerning, including, service levels, availability, and confidentiality of other Glance customers’ information.

6.2.3. Reasonable Exercise of Rights.

Customer or its Third-Party Auditor shall conduct an On-Site or Remote Audit:

• (i) acting reasonably, in good faith, and a proportional manner, taking into account the nature and complexity of the Services used by the Customer.
• (ii) up to one time per year with at least three weeks’ advance written notice. If an emergency justifies a shorter
• notice period, Glance will use good faith efforts to accommodate the On-Site or Remote Audit request; and during Glance’s regular business hours, under reasonable duration, and shall not unreasonably interfere with Glance’s day -to- day operations.

Before any On-Site or Remote Audit commences, Customer and Glance shall mutually agree upon the audit's scope, timing, and duration and the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by or on behalf of Glance.

6.2.4. Third-Party Auditor.

A Third-Party Auditor is a third-party independent contractor, not a competitor of Glance. An On-Site or Remote Audit can be conducted through a Third-Party Auditor if:

• (i) prior to the On-Site or Remote Audit, the Third-Party Auditor enters into a non-disclosure agreement containing confidentiality provisions no less protective than those set forth in the Agreement to protect Glance’s proprietary information; and
• (ii) the costs of the Third-Party Auditor are at Customer’s expense.

6.2.5. Findings.

Customer must promptly provide Glance with information regarding any non-compliance discovered during the course of an On-Site Audit.

6.3. Data Protection Impact Assessment.

Upon Customer’s request, Glance shall provide Customer with reasonable cooperation and assistance needed to fulfill Customer’s obligation under Data Protection Laws and Regulations to carry out a data protection impact assessment related to Customer’s use of the Services, to the extent Customer does not otherwise have access to the relevant information, and to the extent, such information is available to Glance.

7. CUSTOMER DATA INCIDENT MANAGEMENT AND NOTIFICATION

Glance maintains security incident management policies and procedures specified in the Security, Privacy, and Architecture Documentation and shall notify Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Personal Data, transmitted, stored or otherwise Processed by Glance or its Sub-processors of which Glance becomes aware (a “Customer Data Incident”). Glance shall make reasonable efforts to identify the cause of such Customer Data Incident and take such steps as Glance deems necessary and appropriate to remediate the cause of such a Customer Data Incident to the extent the remediation is within Glance’s reasonable control. The obligations herein shall not apply to incidents that Customer or Customer’s Users cause.

8. GOVERNMENT ACCESS REQUESTS

In its role as a Processor, Glance shall maintain appropriate measures to protect Customer Data in accordance with the requirements of Data Protection Laws and Regulations, including by implementing appropriate technical and organizational safeguards to protect Customer Data against any interference that goes beyond what is necessary for a democratic society to safeguard national security, defense, and public security. If Glance receives a legally binding request to access Customer Data from a Public Authority, Glance shall, unless otherwise legally prohibited, promptly notify Customer, including a summary of the nature of the request. To the extent Glance is not permitted by law to provide such notification, Glance shall use commercially reasonable efforts to obtain a waiver of the prohibition to enable Glance to communicate as much information as possible as soon as possible. Further, Glance shall challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider the request unlawful. Glance shall pursue possibilities of appeal. When challenging a request, Glance shall seek interim measures to suspend the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the Customer Data requested until required under the applicable procedural rules. Glance agrees it will provide the minimum amount of information permissible when responding to a request for disclosure based on a reasonable interpretation of the request. Glance shall promptly notify Customer if Glance becomes aware of any direct access by a Public Authority to Customer Data and provide information available to Glance in this respect, to the extent permitted by law. For the avoidance of doubt, this DPA shall not require Glance to pursue action or inaction that could result in a civil or criminal penalty for Glance, such as contempt of court. Glance certifies that Glance (1) has not purposefully created back doors or similar programming to allow access to the Services and/or Customer Data by any Public Authority; (2) has not purposefully created or changed its business processes in a manner that facilitates access to the Services and/or Customer Data by any Public Authority; and (3) at the Effective Date is not currently aware of any national law or government policy requiring Glance to create or maintain back doors, or to facilitate access to the Services and/or Customer Data, to keep in its possession any encryption keys or to hand- over the encryption key to any third party.

9. RETURN AND DELETION OF CUSTOMER DATA

Glance shall return Customer Data to Customer and, to the extent allowed by applicable law, delete Customer Data in accordance with the procedures and timeframes specified in the Security, Privacy, and Architecture Documentation. Until Customer Data is deleted or returned, Glance shall continue to comply with this DPA and its Schedules.

10. AUTHORIZED AFFILIATES

10.1. Contractual Relationship.

The parties acknowledge and agree that, by executing the Agreement, Customer enters into this DPA on behalf of itself and, as applicable, in the name and on behalf of its Authorized Affiliates, thereby establishing a separate DPA between Glance and each such Authorized Affiliate subject to the provisions of the Agreement and this section 10 and section 11. Each Authorized Affiliate agrees to be bound by the obligations under this DPA and, to the extent applicable, the Agreement. To avoid doubt, an Authorized Affiliate is not and does not become a party to the Agreement and is a party only to this DPA. All access to and use of the Services and Content by Authorized Affiliates must comply with the terms and conditions of the Agreement, and any violation of the terms and conditions of the Agreement by an Authorized Affiliate shall be deemed a violation by Customer.

10.2. Communication.

The Customer that is the contracting party to the Agreement shall remain responsible for coordinating all communication with Glance under this DPA and be entitled to make and receive any communication in relation to this DPA on behalf of its Authorized Affiliates.

10.3. Rights of Authorized Affiliates.

Where an Authorized Affiliate becomes a party to this DPA with Glance, it shall, to the extent required under applicable Data Protection Laws and Regulations, be entitled to exercise the rights and seek remedies under this DPA, subject to the following:

10.3.1 Except where applicable Data Protection Laws and Regulations require the Authorized Affiliate to exercise a right or seek any remedy under this DPA against Glance directly by itself, the parties agree that (i) solely the Customer that is the contracting party to the Agreement shall exercise any such right or seek any such remedy on behalf of the Authorized Affiliate, and (ii) the Customer that is the contracting party to the Agreement shall exercise any such rights under this DPA, not separately for each Authorized Affiliate individually, but in a cooperative manner for itself and all of its Authorized Affiliates together (as set forth, for example, in section 10.3.2, below).

 

10.3.2 The parties agree that the Customer that is the contracting party to the Agreement shall, when carrying out an Onsite or Remote Audit of the procedures relevant to the protection of Customer Data, take all reasonable measures to limit any impact on Glance and its Sub-Processors by combining, to the extent reasonably possible, several audit requests carried out on behalf of itself and all of its Authorized Affiliates in one single audit.

11. LIMITATION OF LIABILITY

Each party’s and all of its Affiliates’ liability, taken together in the aggregate, arising out of or related to this DPA, and all DPAs between Authorized Affiliates and Glance, whether in contract, tort, or under any other theory of liability, is subject to the ‘Limitation of Liability’ section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together.

For the avoidance of doubt, Glance’s and its Affiliates’ total liability for all claims from Customer and all of its Authorized Affiliates arising out of or related to the Agreement and all DPAs shall apply in the aggregate for all claims under both the Agreement and all DPAs established under the Agreement, including by Customer and all Authorized Affiliates, and, in particular, shall not be understood to apply individually and severally to Customer and/or to any Authorized Affiliate that is a contractual party to any such DPA.

12. LEGAL EFFECT

This DPA shall only become legally binding between Customer and Glance when the formalities steps set out in the section “HOW TO EXECUTE THIS DPA” above have been fully completed.