RB2B Add-on Addendum

1. The Add-on

The Add-on enables person-level identification of business visitors to Customer's website. When activated, Provider's tag invokes an embedded tag from RB2B. RB2B identifies Customer's website visitors using a third-party data graph maintained by RB2B and returns identification data (the "RB2B Output Data") to Provider, which makes the RB2B Output Data available to Customer through the Service.

2. RB2B as Independent Controller / Data Partner

RB2B is not a sub-processor of Provider with respect to the Add-on. With respect to the data RB2B collects via its embedded tag (the "Cookie Data") and the RB2B Output Data, RB2B operates as an independent "controller" and an independent "business" or "third party" within the meaning of Applicable Data Protection Laws, including the California Consumer Privacy Act / California Privacy Rights Act ("CCPA") and similar state privacy laws.

The Add-on is governed by RB2B's own data protection terms, including the RB2B Data Protection Addendum available at https://www.rb2b.com/data-protection-addendum-dpa and the RB2B Reseller Agreement Customer Restrictions, both of which are incorporated by reference and apply to Customer's use of the Add-on.

3. Data Flows

When the Add-on is active:

1. On every page view of Customer's website, RB2B's embedded tag receives the visitor's IP address, browser fingerprint, page URL, referrer, and timestamp.
2. When RB2B identifies a visitor through its data graph, RB2B Output Data is made available to Customer through the Service. The fields returned include: first name, last name, business email, LinkedIn URL, job title, company name, website, industry, employee count, estimated revenue band, city, state, ZIP code, identification timestamp, referrer, and captured page URL.
3. RB2B retains the Cookie Data within its data graph and may use it to operate and improve RB2B's services across RB2B's customer base, subject to RB2B's own data protection terms. RB2B has confirmed in writing that individual visitor records collected on Customer's website are not directly shared with or exposed to other RB2B customers, and do not directly influence specific identifications served to other RB2B customers; each identification is based on signals at the time of the visit.

4. Sale or Sharing Under State Privacy Laws

The data flow described in Section 3 may constitute a "sale" or "sharing" of personal information under CCPA and similar state privacy laws (including those of Virginia, Colorado, Connecticut, Texas, and Utah). Customer acknowledges this characterization and assumes the corresponding Customer obligations set out in Section 5.

5. Customer Obligations

While the Add-on is active, Customer agrees to:

1. Update Customer's website privacy policy to disclose the collection, use, and sharing of personal information described in this Addendum, including the involvement of RB2B as an independent data partner.
2. Post a "Your Privacy Choices," "Do Not Share or Sell My Personal Information," or substantively equivalent link in a clear and conspicuous location on Customer's website.
3. Implement and maintain a mechanism to honor consumer opt-out requests with respect to the data flows enabled by the Add-on, including signals received via Global Privacy Control ("GPC").
4. Deploy the Add-on only on websites that serve traffic from visitors located in the United States. Customer will not interfere with, disable, or circumvent any geographic gating implemented by Provider that suppresses identification for non-US visitors.
5. Not deploy the Add-on on websites subject to the Health Insurance Portability and Accountability Act ("HIPAA") or the Gramm-Leach-Bliley Act ("GLBA").
6. Not use RB2B Output Data for purposes subject to the Fair Credit Reporting Act ("FCRA"), including the modeling or determination of consumer credit worthiness, eligibility for employment, or eligibility for insurance.
7. Not (i) resell, redistribute, or otherwise make RB2B Output Data available to third parties; (ii) use RB2B Output Data to develop a service or product competitive with RB2B or with the Service; or (iii) reverse-engineer or attempt to extract RB2B Output Data outside of the Service's intended user interface and APIs.
8. Cause its activating administrator to confirm, at the point of activation, that they are authorized to bind Customer to this Addendum.

6. Termination of the Add-on

1. Customer may deactivate the Add-on at any time through the Service's settings.
2. Upon deactivation, Provider will cease invoking the RB2B Add-on tag and will stop delivery of new RB2B Output Data to Customer.
3. Deactivation does not deleteCookie Data already collected by RB2B and held in RB2B's data graph. RB2B's retention of Cookie Data is governed by RB2B's own Data Protection Addendum. End-users seeking deletion or opt-out of RB2B's records may submit requests directly to RB2B at https://www.rb2b.com/your-privacy-choices (or such other URL as RB2B may designate from time to time).
4. RB2B Output Data already delivered to and stored within Customer's Service instance remains subject to the deletion provisions of the DPA.

7. Disclaimers and Limitations

1. Provider makes no representations or warranties regarding the accuracy, completeness, or fitness for any particular purpose of the RB2B Output Data. RB2B Output Data is provided "as is."
2. Customer's use of the Add-on is at Customer's own risk. Provider's liability with respect to the Add-on, including the RB2B Output Data, is limited as set forth in the Agreement. Customer acknowledges that RB2B's liability to Provider with respect to the data made available through the Add-on is contractually limited under Provider's agreement with RB2B.
3. RB2B may modify, suspend, or discontinue the Add-on at its sole discretion and on the notice provided to Provider. In such case, Provider will inform Customer and may correspondingly modify, suspend, or discontinue the Add-on within the Service.
4. Customer indemnifies Provider against third-party claims arising from Customer's failure to comply with the Customer Obligations in Section 5, or from Customer's use of RB2B Output Data outside the scope permitted under this Addendum.

8. Sub-Processors and Independent Data Partners

Solely with respect to the Add-on, Provider's "Approved Subprocessors" list at https://trust.syftdata.com is supplemented by the disclosure that RB2B is an independent Data Partnerfor the Add-on, not a sub-processor of Provider. RB2B's own sub-processors, relevant to the data flow described in Section 3, are listed in RB2B's Data Protection Addendum.

9. Acceptance

This Addendum is accepted by Customer at the moment Customer's authorized administrator activates the Add-on within the Service and confirms acceptance through the Service's activation flow. Provider records the following at the moment of acceptance: the identity of the activating administrator (account user ID, name, email), the timestamp of acceptance (UTC), the originating IP address, and the version of this Addendum in effect at that moment. Activation without confirmed acceptance is not permitted.

If this Addendum is updated to a new version while the Add-on remains active in Customer's account, Provider will require Customer's authorized administrator to re-confirm acceptance of the new version before continued use of the Add-on. Provider may suspend the Add-on in Customer's account if re-acceptance is not provided within a reasonable window.

10. Version History