1. Scope of Application
This addendum forms part of the Salesforce on Alibaba Cloud Framework Service Agreement (Master Agreement) between you and Alibaba Cloud Computing Co., Ltd. (Alibaba Cloud). It applies when Alibaba Cloud, as the Entrustee, processes Entrusted Data contained in or generated from your products and services while providing you with Salesforce on Alibaba Cloud products (SFDC China Products) and related services. If any terms of the Master Agreement, including its appendices, conflict with this addendum, this addendum prevails.
For the purposes of this addendum, you, the Data Processor, appoint Alibaba Cloud as your Entrustee to process data during the term of the Master Agreement to provide you with services related to SFDC China Products.
2. Definitions
In this addendum:
2.1 "Data Protection Laws" means the laws and regulations related to personal information protection and data compliance enacted and in effect in China from time to time, before and after this agreement takes effect. This includes but is not limited to the Cybersecurity Law, the Consumer Rights and Interests Protection Law, the Data Security Law, and the Personal Information Protection Law. For the purpose of this agreement and to avoid doubt, this does not include the laws of the Hong Kong Special Administrative Region, the Macao Special Administrative Region, and the Taiwan region.
2.2 "Entrusted Data" means the data that the Data Processor provides to the Entrustee as necessary to perform the agreement. It also includes data generated by the Entrustee while performing the entrusted data processing activities under this agreement.
2.3 "Personal Information" means any kind of information related to an identified or identifiable natural person that is recorded electronically or otherwise. This does not include anonymized information.
2.4 "Processing" means any operation or set of operations performed on data such as personal information. This includes but is not limited to access, collection, storage, use, processing, transmission, provision, disclosure, and deletion.
2.5 "Data Processor" means an organization or individual that independently determines the purposes and methods of data processing activities. To avoid ambiguity, you are the Data Processor under this addendum, also referred to as the "data provider."
2.6 "Entrustee" means an organization or individual that processes data on behalf of the Data Processor and strictly follows the Data Processor's instructions. To avoid ambiguity, Alibaba Cloud is the Entrustee under this addendum, also referred to as the "data recipient."
3. Rights and Responsibilities of the Entrustee
When processing data, such as personal information, under this agreement, Alibaba Cloud commits to the following:
3.1 Purpose of Processing Alibaba Cloud processes data only in accordance with your written instructions and applicable data protection laws for the following purposes: (i) processing in accordance with the Agreement and applicable orders; (ii) processing initiated by you through your use of the Services; and (iii) processing to comply with your other reasonable written instructions (for example, by email), provided that such instructions are consistent with the terms of this Agreement.
3.2 Confidentiality and Access Restrictions Alibaba Cloud ensures that access to your Entrusted Data is limited to personnel who provide services in accordance with the agreement, and that all personnel authorized by Alibaba Cloud to process the data are subject to appropriate confidentiality obligations.
3.3 Security Measures In accordance with applicable data protection laws, Alibaba Cloud establishes appropriate data security capabilities and implements necessary administrative and technical measures to provide sufficient security for Entrusted Data and to prevent its unauthorized use, leakage, damage, or loss (a "Security Incident"). Alibaba Cloud may change these measures from time to time but will not lower the level of protection for the data.
3.4 Security Incidents If a confirmed security incident occurs, Alibaba Cloud will immediately notify you and provide reasonable information and cooperation to enable you to fulfill any data breach reporting obligations you may have under applicable data protection legislation within the required timeframes. Alibaba Cloud must further take any reasonably necessary measures and actions to remedy or mitigate the impact of the security incident and must keep you informed of all significant developments related to the security incident. These obligations do not apply to incidents caused by you or your users.
3.5 Sub-processors You hereby authorize and consent that Alibaba Cloud's affiliates may be retained as sub-processors, and that Alibaba Cloud and its affiliates may engage third-party sub-processors to process Entrusted Data for permitted purposes in connection with providing the services, provided that: (i) Alibaba Cloud and/or its affiliates have entered into a written agreement with each sub-processor that includes data protection terms requiring it to protect such data to a standard at least as protective as the data protection obligations under this agreement, but only to the extent applicable to the nature of the services provided by the sub-processor; (ii) an up-to-date list of such sub-processors is set forth in a schedule to this agreement; and (iii) Alibaba Cloud remains fully liable for any of its third-party sub-processors. You may object to Alibaba Cloud's appointment or replacement of such a sub-processor before the appointment or replacement is made, provided that such objection is based on reasonable grounds related to data protection. In such an event, Alibaba Cloud will not appoint or replace the relevant sub-processor. If this is not possible, you may terminate the relevant services and this addendum as it applies to those services.
3.6 Data Requests To the extent consistent with the features and roles of the Alibaba Cloud service, Alibaba Cloud provides you with appropriate technical and organizational measures to assist you in fulfilling your obligation under applicable data protection laws to respond to requests from personal information subjects to exercise their rights (including requests to access, correct, delete, restrict, or export data). If a personal information subject, a regulator, or any other party directly submits to Alibaba Cloud any request, query, or complaint regarding the Entrusted Data, Alibaba Cloud will immediately notify you or inform the requester that they should contact you.
3.7 Data Return Within 30 days of the agreement's termination, you can request that Alibaba Cloud return the Entrusted Data, provided that you have not deleted such data or removed the Salesforce Managed Package that stores the Entrusted Data. Alibaba Cloud will provide such Entrusted Data as downloadable files in .csv format and as attachments in their native format. If you delete the Salesforce Managed Package before the contract is terminated, it may not be possible to return the aforementioned Entrusted Data because deleting the Salesforce Managed Package may initiate the deletion process for the related Entrusted Data. This clause does not apply to Scratch Orgs.
3.8 Data Deletion Unless otherwise agreed in writing, Alibaba Cloud will delete all of your Entrusted Data, including from production environments and backups, 180 days after the termination of the agreement. This requirement does not apply if applicable law requires Alibaba Cloud to retain some or all of the data or data archived on backup systems. In such cases, Alibaba Cloud securely isolates and protects such data from any further processing until deletion is possible. Alibaba Cloud reserves the right to reduce the number of days for which it retains such data after the agreement is terminated. If such a change is made, Alibaba Cloud will update this Data Processing Addendum. This clause does not apply to Scratch Orgs.
3.9 Audit Alibaba Cloud selects and bears the cost of engaging independent, qualified third-party security professionals and auditors to periodically verify the adequacy of its security measures and generate audit reports. You acknowledge that Alibaba Cloud is regularly audited by independent third-party auditors against numerous industry-recognized standards. Upon your written request, and provided that you sign a non-disclosure agreement covering the audit report (and demonstrate that you are not a competitor of Alibaba Cloud), Alibaba Cloud will provide you with a summary copy of the audit report demonstrating Alibaba Cloud’s compliance with the obligations set forth in this Appendix. You agree to exercise your audit rights by instructing Alibaba Cloud to perform the audit described in this section.
4. Security Safeguards for the Data Recipient
Taking into account the current state of technology, the costs of implementation, the nature, scope, context, and purposes of the processing, and the likelihood of risks that may harm the rights and freedoms of personal information subjects, the data security measures that Alibaba Cloud undertakes include the following:
4.1 Access Control for Premises and Facilities You must take measures to prevent unauthorized physical access to premises and devices that store data, such as personal information. These measures include access control systems, identification card readers, magnetic stripe cards, chip cards, monitoring devices, and facility entry and exit records.
4.2 Access Restrictions Adhere to the principles of minimizing the number of individuals with access permissions and minimizing the amount of information accessed, granting access only to authorized employees who have a legitimate need. Unauthorized individuals are prohibited from accessing the Entrusted Data obtained by the Data Processor and its processing systems, whether through physical or logical access.
4.3 Availability Controls Implement measures to ensure that Entrusted Data is protected against accidental damage or loss, including at least the following: ensuring installed systems can resume operation after an interruption, ensuring systems operate normally and report failures, ensuring stored data such as personal information is not corrupted due to system failures, business continuity procedures, remote storage, and antivirus/firewall systems.
4.4 Data Encryption SFDC China products use industry-recognized encryption products to protect your data and data transmissions between your network and SFDC China products, including Transport Layer Security (TLS) that uses at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys. Additionally, all data, including your data, is transmitted between data centers for copy backup purposes using encrypted links with AES-256 encryption. Your passwords are stored using a one-way salted hash, and Alibaba Cloud does not record your passwords or set predefined passwords for you. Passwords are reset to random values (which you must change upon first use) and are automatically sent by email to the requesting user.
4.5 Tenant Isolation Services for SFDC China products operate in a multi-tenant architecture designed to isolate and restrict Entrusted Data access based on business requirements. The architecture provides effective logical data separation for different customers using a customer-specific "Organization ID" and enables access permissions based on customer and user roles. It also ensures additional data isolation by providing separate environments for different functions, especially testing and production.
4.6 Access Logs Salesforce China products maintain your access logs, which contain the date, time, user ID, the executed URL or the ID of the affected entity, the operation performed (create, update, or delete), and the source IP address. Please note that if you or your Internet Service Provider (ISP) use Network Address Translation (NAT) or port address translation (PAT), the source IP address may be unavailable. Access logs are retained for 180 days. If you suspect improper access, Alibaba Cloud can provide you with access log records for your forensic analysis.
4.7 Security Log All systems used to provide SFDC China products, including firewalls, routers, network switches, and operating systems, record information to their respective system log facilities or a centralized system log server (for network systems) for security review and analysis.
4.8 Reliability and Backup All network components, load balancers, web servers, and application servers are configured with redundancy. All Entrusted Data that you submit is stored on a master database server with multiple active clusters for higher availability. All Entrusted Data that you submit is stored on highly redundant, carrier-grade disk storage with multiple data paths to ensure reliability and performance. All Entrusted Data that you submit, up to the last committed transaction, is automatically replicated to a secondary site in near real-time and backed up to localized data storage. Backups are verified for integrity. If a Salesforce Managed Package that you manage is uninstalled by your administrator during the subscription period, the aforementioned replication and backup may become unavailable because this action can delete the Entrusted Data submitted to such services, making recovery impossible. This term does not apply to Scratch Orgs.
4.9 Sandbox Sandbox subscriptions are for testing and development only, not for production. As part of system maintenance, Alibaba Cloud may delete any sandbox that you have not logged on to for 150 consecutive days. Alibaba Cloud will notify you by email at least 30 days before deleting the sandbox. If you do not log on to the sandbox within this 30-day period (or a longer period), Alibaba Cloud will delete the sandbox. Deleting a sandbox does not terminate your sandbox subscription. If a sandbox is deleted during your subscription period, you can create a new one.
4.10 Other For more information about the security measures for Alibaba Cloud products, see the Alibaba Cloud Security Whitepaper.
V. Responsibilities of the data provider
5.1 You agree that while using the Service, you will conduct data processing activities, such as collection and use, in compliance with applicable data protection laws. You are fully responsible for the accuracy, quality, and legality of the Entrusted Data, along with the means by which you obtain it. Your provision of Entrusted Data to the Entrustee must not violate data protection laws, contractual agreements with other parties, or the rights of any third party.
5.2 If you delete the Salesforce Managed Package before the service is terminated, the associated Entrusted Data may become unavailable. Please proceed with caution.
VI. Cross-Border Data Transfer
6.1 Without your written consent, Alibaba Cloud will not provide Entrusted Data to, or grant access to it from, any country or region outside the People's Republic of China. For the avoidance of doubt, under this Agreement, providing Entrusted Data to, or granting remote access to, organizations or individuals in Hong Kong, Macau, or Taiwan is also considered a cross-border transfer under this clause.
6.2 If a cross-border transfer is necessary to perform the service, Alibaba Cloud implements such a transfer only after obtaining your written consent and fulfilling the necessary obligations under applicable data protection laws. These obligations include, but are not limited to, obtaining separate consent from individuals, signing a cross-border data transfer agreement with the overseas data recipient, and completing a data export security assessment by the cyberspace administration department.
6.3 If you provide your Entrusted Data (including any personal information contained therein) to, or grant access permissions for such data to, countries and regions outside the People's Republic of China, you agree to comply with all requirements of applicable data protection laws.
VII. Miscellaneous
Alibaba Cloud may modify the terms of this appendix, such as to comply with applicable data protection laws, but will not reduce the protection provided to you as required by law. If we do so, we will post the revised and restated version on the Alibaba Cloud platform and provide you with at least 15 days' prior written notice of any material revisions to the appendix. This notice may be published on the Alibaba Cloud platform. Your continued use of the relevant products or services after receiving written notice of such changes from Alibaba Cloud constitutes your agreement to be bound by the revised and restated appendix.
Addendum on Data Processing by Salesforce on Alibaba Cloud
Article 1 Scope of Application
This Addendum forms part of the Framework Service Agreement of Salesforce on Alibaba Cloud (“Master Agreement”) between you and Alibaba Cloud Computing Co., Ltd. (“Alibaba Cloud”), and governs the Processing (as defined below) by Alibaba Cloud as Entrustee (as defined below) of the Entrusted Data (as defined below) contained in or generated from your products/services during its provision of the Salesforce on Alibaba Cloud (“SFDC China Products”) and related services to you. In case of any conflict between the Master Agreement (including its appendices) and this Addendum, this Addendum prevails.
For the purpose of this Addendum, you, as Data Processor (as defined below), designate Alibaba Cloud as your Entrustee to Process data for the term of the Master Agreement through the services related to the SFDC China Products.
Article 2 Definitions
In this Addendum:
2.1 “Data Protection Laws” means the laws and regulations in force of the People’s Republic of China (“PRC”) on Personal Information (as defined below) protection and data compliance as enacted before and after the effectiveness hereof, including without limitation the Cybersecurity Law, the Law on Protection of Consumer Rights and Interests, the Data Security Law and the Personal Information Protection Law (for the avoidance of doubt, excluding the laws of Hong Kong, Macao and Taiwan solely for the purpose hereof).
2.2 “Entrusted Data” means the data provided by the Data Processor to the Entrustee to the extent necessary for the performance hereof, and the data generated by the Entrustee for Processing the Entrusted Data hereunder during the performance hereof.
2.3 “Personal Information” means information of any kind in relation to an identified or identifiable individual that is recorded electronically or otherwise, excluding anonymized information.
2.4 "Processing" means any operation or set of operations performed on Personal Information, such as access, collection, storage, use, adaptation, transmission, provision, publication, and deletion. The term "Process" has a corresponding meaning.
2.5 “Data Processor” means any entity or individual with the discretion over the purpose and method of Processing of Personal Information thereby. For the avoidance of doubt, under this Addendum, you are the Data Processor, i.e., the data provider.
2.6 An "Entrustee" is any entity or individual entrusted by the Data Processor to Process data strictly according to the Data Processor's requirements. Under this Addendum, Alibaba Cloud is the Entrustee, also known as the data recipient.
Article 3 Rights and Duties of Data Recipient
With respect to any Processing of Personal Information hereunder, Alibaba Cloud makes the following undertakings:
3.1 Purpose of Processing Alibaba Cloud processes data (i) as required under this Addendum and applicable orders; (ii) as requested by you during your use of services; and (iii) upon your other reasonable instructions in writing (such as via email), provided that such instructions comply with the terms of this Addendum, in each case in accordance with your written instruction and applicable Data Protection Laws.
3.2 Confidentiality and Limited Access Alibaba Cloud ensures that access to your Entrusted Data is limited to the personnel providing services under this Addendum, and that all personnel authorized by Alibaba Cloud to Process data are subject to proper confidentiality obligations.
3.3 Security Measures Alibaba Cloud, as required under applicable Data Protection Laws, protects the Entrusted Data from unauthorized use, breach, damage and loss (“Security Incident”) by putting in place sufficient security measures for the Entrusted Data, including building data security capabilities commensurate with its services and implementing necessary management and technical measures. Alibaba Cloud may change these measures from time to time without lowering the level of protection for data.
3.4 Security Incident In case of a confirmed Security Incident, Alibaba Cloud immediately notifies you and provides you with reasonable information and cooperation so that you may fulfill any data breach reporting obligation you may have within the time limit prescribed by applicable Data Protection Laws. Alibaba Cloud further takes any measures and actions reasonably necessary to remedy or mitigate the impacts of the Security Incident and keeps you abreast of all material developments with respect to the Security Incident. These obligations do not apply to any Security Incident caused by you or your users.
3.5 Subprocessor You hereby authorize and agree that Alibaba Cloud may engage its affiliates as subprocessors, and Alibaba Cloud and its affiliates may engage third-party subprocessors in connection with their service provision, to Process the Entrusted Data for permitted purposes. This authorization is subject to the following conditions: (i) Alibaba Cloud and/or its affiliates enter into a written agreement containing data protection provisions with each such subprocessor, requiring it to protect the Entrusted Data at a level not lower than that of the data protection obligations hereunder, if and only if such an agreement is applicable to the nature of the services provided by such subprocessor. (ii) An up-to-date list of such subprocessors is attached hereto. (iii) Alibaba Cloud bears all liabilities for any of its third-party subprocessors. Before any engagement or replacement of such subprocessor by Alibaba Cloud, you may object thereto, but only based on justified reasons related to data protection. If that is the case, Alibaba Cloud will not proceed with the engagement or replacement. Otherwise, you may terminate the relevant services and this Addendum applicable thereto.
3.6 Data Request To the extent consistent with the service functions and roles of Alibaba Cloud, Alibaba Cloud provides you with appropriate technical and organizational measures to assist you in your obligation under applicable Data Protection Laws to respond to any requests from Personal Information subjects for exercising their rights (including requests for direct access to or correction, deletion, limitation or export of data). If any Personal Information subject, regulator or other party makes any request, inquiry or complaint concerning the Entrusted Data directly to Alibaba Cloud, Alibaba Cloud immediately notifies you of the same or tells the foregoing to contact you directly.
3.7 Return of Data Within thirty (30) days of the termination of this agreement, you can request that Alibaba Cloud return the Entrusted Data, provided that you have not deleted this data or the Salesforce Managed Package where the Entrusted Data is stored. Alibaba Cloud provides the Entrusted Data as a downloadable CSV file and other local attachments. If you delete the Salesforce Managed Package before this agreement is terminated, Alibaba Cloud may be unable to return the Entrusted Data. This is because deleting the Salesforce Managed Package may also delete the Entrusted Data. This clause does not apply to Scratch Orgs.
3.8 Deletion of Data Unless otherwise agreed by the parties in writing, Alibaba Cloud deletes all your Entrusted Data, including the production environment and backups, 180 days after this agreement is terminated. This provision does not apply if Alibaba Cloud is required by applicable law to retain some or all of the data or backup data archived in its systems. In such cases, Alibaba Cloud securely isolates the data and protects it from any further processing until it can be deleted. Alibaba Cloud reserves the right to shorten this retention period. If this period is changed, Alibaba Cloud updates this Addendum. This clause does not apply to Scratch Orgs.
3.9 Audit Alibaba Cloud, at its selection and costs, engages independent qualified third-party security professionals and auditors to (regularly) verify the adequacy of its security measures and develop audit reports. You acknowledge that Alibaba Cloud is regularly audited by independent third-party auditors in accordance with generally accepted industry standards. At your written request, and subject to your execution of a confidentiality agreement covering the audit reports (with evidence that you are not a competitor of Alibaba Cloud), Alibaba Cloud provides you with a summarized copy of the audit reports evidencing Alibaba Cloud’s compliance with the obligations set forth in this Addendum. You agree that your audit right is exercised by instructing Alibaba Cloud to perform an audit as provided in this clause.
Article 4 Security Measures of Data Recipient
In consideration of the current state of the art, the costs of implementation, the nature, scope, background and purpose of Processing, along with the possible risks of damage to the rights and freedoms of Personal Information subjects, Alibaba Cloud undertakes to take the following data security measures:
4.1 Access Control for Premises and Facilities Measures must be taken to prevent unauthorized physical access to the premises and equipment where Personal Information is stored, such as access control systems, ID card readers, magnetic and chip cards, monitoring equipment, and facility access records.
4.2 Access Control for Information You must minimize the number of personnel with access to Entrusted Data and the amount of information they can access. Access must be granted only to authorized employees on a need-to-know basis. Unauthorized employees must not access the Data Processor's Entrusted Data or processing system, regardless of physical or logical access.
4.3 Availability Control The Entrusted Data is protected from accidental damage or loss with measures that at least: ensure recovery of installed systems from interruption, ensure normal operation and failure reporting of systems, ensure that Personal Information stored will not be damaged due to any system failure, enable business continuity procedures, and enable remote storage and anti-virus/firewall systems.
4.4 Data Encryption SFDC China Products use industry-accepted encryption to protect your data and the communications between your network and the SFDC China Products. This includes Transport Layer Security (TLS) with a server certificate of at least 2048-bit RSA and a 128-bit symmetric encryption key. In addition, AES-256 encryption is used for the transmission of all data, including your data, between data centers for backup purposes. Your password is stored using a one-way salted hash. Alibaba Cloud does not record your password in plain text or assign you any default password. For a password reset, a random password is generated and automatically sent to you by email. You are required to change this password upon first use.
4.5 Tenant Isolation The SFDC China Products-related services operate in a multi-tenant architecture designed to isolate and limit access to the Entrusted Data based on business needs. Such architecture provides effective logical separation of data between customers with customer-specific “organization IDs”, and allows access based on customer and user roles. Additional data isolation is ensured by providing separate environments for different functions (especially testing and production).
4.6 Access Log The SFDC China Products maintain access logs for users, including date, time, user ID, URL executed or entity ID of operation, operation executed (creation, update or deletion), and source IP address. Please note that, if you or your ISP uses NAT or PAT, the source IP address may be unavailable. Access logs are stored for one hundred and eighty (180) days. If you suspect any improper access, Alibaba Cloud may provide you with access logs for your evidence collection and analysis.
4.7 Security Log All systems used in the provision of the SFDC China Products, including firewalls, routers, network switches and operating systems, log information to their respective system logging facilities or a centralized system logging server (for network systems) for security review and analysis.
4.8 Reliability and Backup All network components, load balancers, web servers and application servers adopt redundant configurations. All the Entrusted Data that you commit is stored on the master database server with multiple active clusters for higher availability, is stored on highly redundant carrier-grade disks and multiple data paths to ensure reliability and performance, and is automatically copied to a secondary site in near real time and backed up to localized datastore until the last committed transaction. The backups undergo integrity verification. If the Salesforce Managed Package that you manage is de-installed by your administrator during the subscription period, the copy and backups above may be unavailable, because such de-installation may cause deletion of the Entrusted Data committed for such service without any chance of recovery. This clause does not apply to Scratch Orgs.
4.9 Sandbox Sandbox subscription is for testing and development only, and is not applicable for production. As part of system maintenance, Alibaba Cloud may delete any sandbox that you have not logged in to for one hundred and fifty (150) consecutive days. Alibaba Cloud notifies you via email of any such deletion at least thirty (30) days in advance. If you do not log in to the sandbox within the thirty (30)-day period (or a longer period, as the case may be), Alibaba Cloud proceeds with the deletion. The deletion of your sandbox does not terminate your sandbox subscription. If any sandbox is deleted during the period of your sandbox subscription, you may create a new sandbox.
4.10 Other Matters For more details of the security measures for Alibaba Cloud products, you may refer to the Alibaba Cloud Security Whitepaper.
Article 5 Responsibilities of Data Provider
5.1 You undertake that, during your use of the services in relation to the SFDC China Products, you collect, use and otherwise Process data in compliance with applicable Data Protection Laws, and are fully responsible for the accuracy, quality and legality of the Entrusted Data and for the means by which you obtain the Entrusted Data, and that your provision of the Entrusted Data to the Entrustee does not violate the Data Protection Laws, breach any contract with others, or infringe upon the rights and interests of any third party.
5.2 If you delete the Salesforce Managed Package before the agreement is terminated, the Entrusted Data stored in the Salesforce Managed Package may become unavailable. Therefore, exercise caution when performing this action.
Article 6 Cross-Border Data Transfer
6.1 Without your written consent, Alibaba Cloud does not make available the Entrusted Data or access to the Entrusted Data to any country or region other than the PRC. For the avoidance of doubt, making available the Entrusted Data or remote access to the Entrusted Data to any entity or individual in Hong Kong, Macao or Taiwan is also deemed as the cross-border transfer under this Article for the purpose of this Addendum.
6.2 If cross-border data transfer is necessary for the performance of the services in relation to the SFDC China Products, upon your written consent, Alibaba Cloud proceeds with such transfer only after fulfilling necessary obligations under applicable Data Protection Laws (including without limitation obtaining separate consent from individuals, executing an agreement on cross-border data transfer with an offshore data recipient, and completing the security assessment of cross-border data transfer of the competent cyberspace administration).
6.3 If you make your Entrusted Data (including the Personal Information it contains) available in, or accessible from, any country or region other than the PRC, you must comply with all the requirements of applicable Data Protection Laws.
Article 7 Miscellaneous
Alibaba Cloud may modify the provisions of this Addendum, such as for compliance with applicable Data Protection Laws, without diminishing the legally required protection to you. This Addendum so modified is considered as the amended and restated version hereof published on the Alibaba Cloud platform. You are notified in writing of any material amendment hereto at least fifteen (15) days in advance. Such notice may be published on the Alibaba Cloud platform. By further using relevant product or service upon receipt of any such written notice of modification from Alibaba Cloud, you represent that you agree to be bound by the Addendum as amended and restated.