These terms set forth the additional terms and conditions that Vendor must adhere to if Vendor will be accessing any Fitbit Data, Fitbit Systems or Fitbit Facilities (as defined below) in connection with its providing Goods to Fitbit or provisioning of any Services or Software to Fitbit, and supplement the Fitbit Vendor Terms and Conditions.

ACCESS TO FITBIT DATA, SYSTEMS AND FACILITIES

Access, if any, to: (i) any facilities made available to Vendor by Fitbit in connection with providing any Goods or provisioning any Services or Software to Fitbit (“Fitbit Facilities”), (ii) Fitbit data resulting from Vendor providing any Goods to Fitbit or provisioning of any Services or Software to Fitbit pursuant to this Agreement, including, without limitation any Confidential Information shared in connection with our relationship (“Fitbit Data”), and/or (iii) software or systems utilised or made available by Fitbit (“Fitbit Systems”), is granted solely to allow Vendor to provide the Goods to Fitbit or provision Services or Software to Fitbit and is limited to those specific Fitbit Systems, time periods, and personnel as are determined by Fitbit in its sole discretion from time-to-time. In connection with such access, Vendor will comply with all data security and business control and information protection policies, standards, obligations, and guidelines as may be required by Fitbit in its sole discretion from time to time, including, without limitation, any set forth in the following: Fitbit’s Vendor Security Measures. Vendor will not use Fitbit Data,Fitbit Systems or Fitbit Facilities for any other purposes or allow individuals not authorised by Fitbit to access the same. Any other non-permitted use of any Fitbit Data and/or Fitbit System is expressly prohibited. To the extent Vendor is granted access to any Fitbit Facilities Vendor will comply with any safety, control, protection, and other policies and guideline as Fitbit may provide from time-to-time and will be solely liable for its acts or omissions while at any site, including, without limitation, those resulting in personal injury or property damage. Without limiting the foregoing, Vendor warrants that it has adequate measures in place to comply with the above obligations (including without limitation those set forth in Fitbit’s Vendor Security Measures) and to ensure that access granted hereunder will not impair the integrity and availability of Fitbit Facilities, Fitbit Data and/or Fitbit Systems.

PERSONAL INFORMATION

As part of Fitbit’s compliance efforts relating to Data Protection Laws and Privacy Principles (each defined below), Fitbit requires that its Vendors comply with its Personal Data Processing Terms if, in connection with the Services or Software Vendor provides Fitbit, Vendor processes Personal Data (as defined below) on behalf of Fitbit.

Any terms not defined herein and therein, such as “process”, “processor”, “controller”, “sub-processor” and “data subject”, shall have the same meaning as in the General Data Protection Regulation (2016/679) (“GDPR”) along with national measures covering the same. “Data Protection Law” means the GDPR, United States federal and state law, including without limitation the California Consumer Privacy Act (“CCPA”), and any similar law governing the collection, use, and disclosure of personal data. “Personal Data” has the meaning ascribed to personal data or personal information (or other analogous variations of such terms) under Data Protection Laws. “Sell” means any activity that qualifies as “sell”, “selling”, “sale” or “sold”, under the CCPA. “Privacy Principles” means the EU- US Privacy Shield Framework Principles issued by the US Department of Commerce which forms Annex II to EC Commission Implementing Decision of 12 July 2016 (C(2016) 4176 final) and the Swiss-US Privacy Shield Framework Principles issued by the US Department of Commerce.

For clarity, the obligations set forth herein and therein supplement any existing terms and conditions contained in any agreement(s) Vendor may have with Fitbit relating to the Services or Software (“Applicable Agreements”).