一、适用范围
本附录构成您与阿里云计算有限公司(以下简称“阿里云”)签署的Salesforce on Alibaba Cloud框架服务协议(以下简称“主协议”)的一部分,适用于阿里云在向您提供Salesforce on Alibaba Cloud产品(以下简称“SFDC中国产品”)及相关服务时,作为受托者处理您的产品/服务内容中包含或生成的委托数据。如果主协议(包括其附录)的条款与本附录发生冲突,则以本附录为准。
就本附录而言,您(数据处理者)指定阿里云作为您的受托方,在主协议有效期内处理数据,以便向您提供SFDC中国产品相关服务。
二、定义
在本附录中:
2.1“数据保护法律”:主要是指本协议生效前和生效后中国不时颁布生效的个人信息保护、数据合规相关的法律和法规,包括但不限于《网络安全法》《消费者权益保护法》《数据安全法》《个人信息保护法》(仅为本协议之目的,为避免疑义,不包括香港特别行政区、澳门特别行政区及台湾地区的法律)。
2.2“委托数据”:是指为履行协议所必需的范围内,数据处理者向受托方提供的数据,以及在履行协议过程中,受托方为履行本协议下的受托数据处理行为而生成的数据。
2.3“个人信息”:是指以电子或者其他方式记录的与已识别或者可识别的自然人有关的各种信息,不包括匿名化处理后的信息。
2.4“处理”:是指对个人信息等数据进行的任何操作或一系列操作,包括但不限于:访问、收集、存储、使用、加工、传输、提供、公开、删除。
2.5“数据处理者”:是指在个人信息等数据的处理活动中自主决定处理目的、处理方式的组织、个人。为避免歧义,本协议项下,您为数据处理者,即“数据提供方”。
2.6“受托方”:是指接受数据处理者委托,严格按照数据处理者的要求处理数据的组织或者个人。为避免歧义,本协议项下,阿里云为受托方,即“数据接收方”。
三、数据接收方的权利和职责
在处理本协议项下的个人信息等数据时,阿里云承诺:
3.1【处理目的】阿里云仅按照您的书面指示及适用的数据保护法律要求处理数据,用于以下目的:(i)根据协议和适用的订单进行的处理;(ii)您在使用服务时发起的处理;以及 (iii)为遵守您的其他书面合理指示(例如通过电子邮件)而进行的处理,前提是此类指示符合本协议的条款。
3.2【保密&访问限制】阿里云应确保对您的委托数据的访问仅限于根据协议提供服务的人员,并确保阿里云授权处理数据的所有人员均遵守适当的保密义务。
3.3【安全保障措施】阿里云应当按照适用数据保护法律要求,建立相对应的数据安全能力,落实必要的管理和技术措施,为委托数据提供充分的安全保障,防止委托数据遭受未经授权的使用、泄漏、损毁、丢失(“安全事件”)。阿里云可能会不时更改这些措施,但不会降低对数据的保护级别。
3.4【安全事件】如果发生已确认的安全事件,阿里云将立即通知您,并向您提供合理的信息和配合,以便您能够履行在适用的数据保护立法规定的时间范围您可能承担的任何数据泄露报告义务。阿里云应进一步采取任何合理必要的措施和合理必要的行动来补救或减轻安全事件的影响,并应随时向您通报与安全事件有关的所有重大进展。此处的义务不适用于由您或您的用户引起的事件。
3.5【分处理者】在此获得您的授权同意:阿里云的关联公司可保留为分处理者,且阿里云及其关联公司可以就提供服务聘请第三方分处理者,为许可目的处理委托数据。前提是:(i)阿里云及/或其关联公司已与每个分处理方签订包含数据保护条款的书面协议,要求其按照不低于本协议数据保护义务的标准保护此类数据,但仅限于适用于该分处理者提供的服务的性质;(ii)在本协议附表中列明此类分处理者的最新名单;(iii)阿里云对其任何第三方分处理者承担全部责任。您可以在阿里云指定或更换此类分处理者之前反对阿里云指定或更换此类分处理者,但前提是此类反对是基于与数据保护相关的合理理由。在这种情况下,阿里云将不会指定或更换相关分处理者,如不能,您可以终止相关服务以及适用于该服务的本附录。
3.6【数据请求】在与阿里云服务功能和角色相一致的范围内,阿里云向您提供适当的技术和组织措施,协助您根据适用的数据保护法律,履行响应行使个人信息主体权利的请求(包括直接访问、纠正、删除、限制或导出数据的请求)的义务。如果个人信息主体、监管机构或任何其他方直接向阿里云提出有关委托数据的任何请求、查询或投诉,阿里云应立即通知您或通知该请求人应联系您。
3.7【数据返还】在协议终止后30天内,您可以要求阿里云返还委托数据,前提是您尚未删除此类数据,也未移除存储委托数据的Salesforce Managed Package。阿里云将通过 .csv格式的可下载文件和其本地格式的附件提供此类委托数据。如果您在在合同终止前删除了Salesforce Managed Package,则可能无法提供上述委托数据的返还,因为删除Salesforce Managed Package可能启动相关委托数据的删除过程。此条款不适用于Scratch Orgs。
3.8 【数据删除】除非双方另有书面约定,在协议终止180天后,阿里云将删除您的全部委托数据,包括生产环境和备份。如果适用法律要求阿里云保留部分或全部数据或备份系统上存档的数据,则此项要求不适用,在这种情况下,阿里云应安全地隔离和保护此类数据免受任何影响,直到可以删除为止。阿里云保留在合同终止后减少其保留此类数据的天数的权利。如果发生此类更改,阿里云将更新此数据处理附录。此条款不适用于Scratch Orgs。
3.9【审计】由阿里云选择并承担费用,使用独立的合格第三方安全专业人员和审计师(定期)验证其安全措施的充分性,并生成审计报告。您承认阿里云定期由独立第三方审计员根据许多行业认可的标准进行审计。根据您的书面请求,并在您签署涵盖审计报告的保密协议(并证明您不是阿里云的竞争对手)的情况下,阿里云将向您提供审计报告的摘要副本证明阿里云遵守本附录中规定的义务。您同意通过指示阿里云执行本节所述的审计来行使您的审计权。
四、数据接收方的安全保障措施
考虑到现有技术水平,实施成本,处理的性质、范围、背景和目的,以及给个人信息主体的权利和自由造成损害的风险可能性,阿里云承诺的数据安全保障措施包括:
4.1 【场所及设施的权限控制】必须采取措施以防止对存放个人信息等数据的场所和设备未经授权的物理访问,例如权限控制系统,身份识别读卡器、磁卡及芯片卡,监控设备,设施出/入记录等。
4.2 【访问限制】贯彻访问权限的人数最小化以及访问信息的数量最小化原则,仅供确有需要,且经授权的员工访问。未经授权的人员不得访问数据处理方获取的委托数据及其处理系统,无论是物理接触还是逻辑访问。
4.3【可用性控制】采取措施确保委托数据得到保护而不受意外破坏或丢失,至少应包括以下内容:确保已安装的系统在发生中断后能够恢复,确保系统正常运行并报告故障,确保储存的个人信息等数据不会因系统故障而被损坏,业务连续性程序,远程存储和防病毒/防火墙系统。
4.4 【数据加密】SFDC中国产品使用行业认可的加密产品来保护您的数据和您网络与SFDC中国产品之间的传输通信,包括利用至少2048-bit RSA服务器证书和128-bit对称加密密钥的传输层加密 (TLS)。此外,包括您的数据在内的所有数据在数据中心之间出于复制备份目的进行传输时,都使用AES-256加密的加密链路。您的密码使用one-way salted hash存储,阿里云不会记录您的密码,也不会为您设置已定义的密码。密码重置为随机值(首次使用时必须更改),并通过电子邮件自动发送给请求用户。
4.5【租户隔离】SFDC中国产品相关服务在多租户架构中运行,旨在根据业务需求隔离和限制委托数据访问。该架构通过客户特定的“组织ID”为不同客户提供有效的逻辑数据分离,允许使用基于客户和用户角色的访问权限。并通过为不同的功能(尤其是测试和生产)提供单独的环境来确保额外的数据隔离。
4.6【访问日志】SFDC中国产品将维护用户的访问日志,其中包含日期、时间、用户ID、执行的URL或操作的实体ID、执行(创建、更新、删除)的操作以及源IP地址。请注意,如果您或ISP使用NAT(网络地址转换)或PAT(端口地址转换),则源IP地址可能不可用。访问日志保存时间为180天。如果您怀疑访问不当,阿里云可以向您提供访问日志记录,以便您进行取证分析。
4.7【安全日志】提供SFDC中国产品时使用的所有系统,包括防火墙、路由器、网络交换机和操作系统,将信息记录到各自的系统日志设施或集中式系统日志服务器(用于网络系统),以便进行安全审查和分析。
4.8【可靠性和备份】所有网络组件、负载均衡器、Web服务器和应用程序服务器都以冗余配置进行配置。您提交的所有委托数据都存储在具有多个活动集群的主数据库服务器上,以获得更高的可用性。您提交的所有委托数据都存储在高度冗余的运营商级磁盘存储和多条数据路径上,以确保可靠性和性能。您提交的所有委托数据(直到最后一个提交的事务)都将以近乎实时的方式自动复制到辅助站点,并备份到本地化的数据存储中。备份会经过完整性验证。如果您管理的Salesforce Managed Package在订阅期内被您的管理员卸载,则上述复制和备份可能不可用,因为这样做可能会删除提交给此类服务的委托数据,而不可能进行任何恢复。此条款不适用于Scratch Orgs。
4.9【沙箱】沙箱订阅仅用于测试和开发,不用于生产。作为系统维护的一部分,阿里云可能会删除您连续150天未登录的任何沙箱。在操作删除前至少30天,阿里云将通过邮件通知您,如果您在该30天(或更长时间)内未登录沙箱,阿里云将删除该沙箱。删除沙箱不终止您的沙箱订阅,如果在您的沙箱订阅期限内删除沙箱,您可以创建新的沙箱。
4.10【其他】如您需了解更详细的阿里云产品安全保障措施,可参考《阿里云安全白皮书》。
五、数据提供方的责任
5.1 您承诺,在使用服务过程中,您应遵守适用的数据保护法律开展收集、使用等数据处理行为,对委托数据的准确性、质量和合法性以及您获取委托数据的方式承担全部责任。您提供委托数据给受托方的行为不违反数据保护法律,不违反与其他方的合同约定,或侵害第三方权益等。
5.2 如果您在协议终止前删除了Salesforce Managed Package,则上述删除Salesforce Managed Package的委托数据可能不可用,因此请您谨慎处理。
六、数据跨境传输
6.1 未经您书面同意,阿里云不会将委托数据向中华人民共和国以外的国家和区域提供,或将委托数据的访问权限开放给中华人民共和国以外的国家和区域。为避免歧义,在本协议项下,向香港、澳门或台湾地区的组织或个人提供委托数据或开放远程访问权限,亦视为本条约定下的跨境传输情形。
6.2 如为履行服务所必须,在经您书面同意后,阿里云应当在按照适用数据保护法律履行必要义务(包括但不限于获得个人单独同意、与境外数据接收方签署数据跨境传输协议、完成网信部门的数据出境安全评估等)后方可实施跨境传输。
6.3 如果您向中华人民共和国以外的国家和区域提供您的委托数据(包括此类数据中包含的个人信息),或将委托数据的访问权限开放给中华人民共和国以外的国家和区域,您承诺应遵守适用数据保护法律的所有要求。
七. 其他
阿里云可能会修改本附录的条款,例如为了遵守适用的数据保护法律,但不会降低依照法律要求向您提供的保护。如果这样做,则为阿里云平台上的修订和重述版本,并至少提前 15 天向您提供对附录的任何重大修订的书面通知。该通知可能会发布在阿里云平台上。在收到阿里云有关此类变更的书面通知后继续使用相关产品或服务,即表示您同意受经修订和重述的附录的约束。
Addendum on Data Processing by Salesforce on Alibaba Cloud
Article 1 Scope of Application
This Addendum shall be a part of the Framework Service Agreement of Salesforce on Alibaba Cloud (“Master Agreement”) between you and Alibaba Cloud Computing Co., Ltd. (“Alibaba Cloud”), and shall govern the Processing (as defined below) by Alibaba Cloud as Entrustee (as defined below) of the Entrusted Data (as defined below) contained in or generated from your products/services during its provision of the Salesforce on Alibaba Cloud (“SFDC China Products”) and related services to you. In case of any conflict between the Master Agreement (including its appendices) and this Addendum, this Addendum shall prevail.
For the purpose of this Addendum, you, as Data Processor (as defined below), designate Alibaba Cloud as your Entrustee to Process data for the term of the Master Agreement through the services related to the SFDC China Products.
Article 2 Definitions
In this Addendum:
2.1 “Data Protection Laws” shall mean the laws and regulations in force of the People’s Republic of China (“PRC”) on Personal Information (as defined below) protection and data compliance as enacted before and after the effectiveness hereof, including without limitation the Cyber Security Law, the Law on Protection of Consumer Rights and Interests, the Data Security Law and the Personal Information Protection Law (for the avoidance of doubt, excluding the laws of Hong Kong, Macao and Taiwan solely for the purpose hereof).
2.2 “Entrusted Data” shall mean the data provided by the Data Processor to the Entrustee to the extent necessary for the performance hereof, and the data generated by the Entrustee for Processing the ntrusted Data hereunder during the performance hereof.
2.3 “Personal Information” shall mean information of any kind in relation to an identified or identifiable individual that is recorded electronically or otherwise, excluding anonymized information.
2.4 “Processing” shall mean any operation or set of operations performed on Personal Information, including without limitation access, collection, storage, use, adaption, transmission, provision, publication and deletion; and “Process” shall have the correlative meaning.
2.5 “Data Processor” shall mean any entity or individual with the discretion over the purpose and method of Processing of Personal Information thereby. For the avoidance of doubt, under this Addendum, you are the Data Processor, i.e., the data provider.
2.6 “Entrustee” shall mean any entity or individual entrusted by the Data Processor to Process data in strict accordance with the requirement of the Data Processor. For the avoidance of doubt, under this Addendum, Alibaba Cloud is the Entrustee, i.e., the data recipient.
Article 3 Rights and Duties of Data Recipient
With respect to any Processing of Personal Information hereunder, Alibaba Cloud makes the following undertakings:
3.1 [Purpose of Processing] Alibaba Cloud will only Process data (i) as required under this Addendum and applicable orders; (ii) as requested by you during your use of services; and (iii) upon your other reasonable instructions in writing (such as via email), provided that such instructions comply with the terms of this Addendum, in each case in accordance with your written instruction and applicable Data Protection Laws.
3.2 [Confidentiality & Limited Access] Alibaba Cloud shall ensure that the access to your Entrusted Data is limited to the personnel providing services under this Addendum, and that all personnel authorized by Alibaba Cloud to Process data are subject to proper confidentiality obligations.
3.3 [Security Measures] Alibaba Cloud shall, as required under applicable Data Protection Laws, protect the Entrusted Data from unauthorized use, breach, damage and loss (“Security Incident”) by putting in place sufficient security measures for the Entrusted Data, including building data security capabilities commensurate with its services and implementing necessary management and technical measures. Alibaba Cloud may change these measures from time to time, without lowering the level of protection for data.
3.4 [Security Incident] In case of a confirmed Security Incident, Alibaba Cloud will immediately notify you, and provide you with reasonable information and cooperation, so that you may fulfill any data breach reporting obligation you may have within the time limit prescribed by applicable Data Protection Laws. Alibaba Cloud shall further take any measures and actions reasonably necessary to remedy or mitigate the impacts of the Security Incident, and shall keep you abreast of all material developments with respect to the Security Incident. These obligations will not apply to any Security Incident caused by you or your users.
3.5 [Subprocessor] You hereby authorize and agree that Alibaba Cloud may engage its affiliates as subprocessors, and Alibaba Cloud and its affiliates may engage third-party subprocessors in connection with their service provision, to Process the Entrusted Data for permitted purposes; provided that (i) Alibaba Cloud and/or its affiliates shall have entered into a written agreement containing data protection provisions with each such subprocessor, requiring it to protect the Entrusted Data at a level not lower than that of the data protection obligations hereunder, if and only if such an agreement is applicable to the nature of the services provided by such subprocessor; (ii) an up-to-date list of such subprocessors shall be attached hereto; and (iii) Alibaba Cloud shall bear all liabilities for any of its third-party subprocessors. Before any engagement or replacement of such subprocessor by Alibaba Cloud, you may object thereto, but only based on justified reasons related to data protection. If that is the case, Alibaba Cloud will not proceed with the engagement or replacement. Otherwise, you may terminate the relevant services and this Addendum applicable thereto.
3.6 [Data Request] To the extent consistent with the service functions and roles of Alibaba Cloud, Alibaba Cloud will provide you with appropriate technical and organizational measures to assist you in your obligation under applicable Data Protection Laws to respond to any requests from Personal Information subjects for exercising their rights (including requests for direct access to or correction, deletion, limitation or export of data). If any Personal Information subject, regulator or other party makes any request, inquiry or complaint concerning the Entrusted Data directly to Alibaba Cloud, Alibaba Cloud will immediately notify you of the same or tell the foregoing to contact you directly.
3.7 [Return of Data] Within thirty (30) days of termination hereof, you may request Alibaba Cloud to return the Entrusted Data, provided that you have not deleted such data or the Salesforce Managed Package where the Entrusted Data are stored. Alibaba Cloud will provide the Entrusted Data via downloadable CSV file and other local attachment. If you have deleted the Salesforce Managed Package before the termination hereof, Alibaba Cloud may be unable to return the Entrusted Data as stated above, since the deletion of the Salesforce Managed Package may cause the deletion of the Entrusted Data. This clause does not apply to Scratch Orgs.
3.8 [Deletion of Data] Unless otherwise agreed by the parties in writing, Alibaba Cloud will delete all your Entrusted Data, including the production environment and backups, one hundred and eighty (180) days after the termination hereof. This provision shall not apply if Alibaba Cloud is required by applicable law to retain some or all of the data or backup data archived in its system, in which case Alibaba Cloud shall securely segregate and protect such data from any impact until they can be deleted. Alibaba Cloud reserves the right to shorten the duration of its retention of such data after the termination hereof. In the case of any such change, Alibaba Cloud will update this Addendum. This clause does not apply to Scratch Orgs.
3.9 [Audit] Alibaba Cloud shall, at its selection and costs, engage independent qualified third-party security professionals and auditors to (regularly) verify the adequacy of its security measures and develop audit reports. You acknowledge that Alibaba Cloud is regularly audited by independent third-party auditors in accordance with generally accepted industry standards. At your written request, and subject to your execution of a confidentiality agreement covering the audit reports (with evidence that you are not a competitor of Alibaba Cloud), Alibaba Cloud will provide you with a summarized copy of the audit reports evidencing Alibaba Cloud’s compliance with the obligations set forth in this Addendum. You agree that your audit right will be exercised by instructing Alibaba Cloud to perform an audit as provided in this clause.
Article 4 Security Measures of Data Recipient
In consideration of the current state of the art, the costs of implementation, the nature, scope, background and purpose of Processing, as well as the possible risks of damage to the rights and freedoms of Personal Information subjects, Alibaba Cloud undertakes to take the following data security measures:
4.1 [Access Control for Premises and Facilities] Measures must be taken to prevent unauthorized physical access to the premises and equipment where Personal Information is stored, such as access control systems, ID card readers, magnetic and chip cards, monitoring equipment, and facility access records.
4.2 [Access Control for Information] The number of personnel with access to Entrusted Data and the quantity of information to be accessed shall be minimized, and access shall be granted only to authorized employees on a need-to-know basis. No unauthorized employee may access the Data Processor’s Entrusted Data or Processing system, regardless of physical or logical access.
4.3 [Availability Control] The Entrusted Data shall be protected from accidental damage or loss with measures that at least: ensure recovery of installed systems from interruption, ensure normal operation and failure reporting of systems, ensure that Personal Information stored will not be damaged due to any system failure, enable business continuity procedures, and enable remote storage and anti-virus/firewall systems.
4.4 [Data Encryption] Industry-accepted encryption products shall be adopted for the SFDC China Products to protect your data and the communications between your network and the SFDC China Products, including TLS with at least 2048-bit RSA server certificate and 128-bit symmetric encryption key. In addition, AES-256 encryption shall be used for the transmission of all data (including your data) between data centers for backup purpose. Your password will be stored using one-way salted hash. Alibaba Cloud will not record your password, or assign any default password to you. A random password will be generated for password reset (required upon first use) and automatically sent to the requesting user via email.
4.5 [Tenant Isolation] The SFDC China Products-related services shall be operated in a multi-tenant architecture designed to isolate and limit access to the Entrusted Data based on business needs. Such architecture shall provide effective logical separation of data between customers with customer-specific “organization IDs”, and allow access based on customer and user roles. Additional data isolation will be ensured by providing separate environments for different functions (especially testing and production).
4.6 [Access Log] The SFDC China Products will maintain access logs for users, including date, time, user ID, URL executed or entity ID of operation, operation executed (creation, update or deletion), and source IP address. Please note that, if you or your ISP uses NAT or PAT, the source IP address may be unavailable. Access logs will be stored for one hundred and eighty (180) days. If you suspect any improper access, Alibaba Cloud may provide you with access logs for your evidence collection and analysis.
4.7 [Security Log] All systems used in the provision of the SFDC China Products, including firewalls, routers, network switches and operating systems, shall log information to their respective system logging facilities or a centralized system logging server (for network systems) for security review and analysis.
4.8 [Reliability and Backup] All network components, load balancers, web servers and application servers shall adopt redundant configurations. All the Entrusted Data that you commit will be stored on the master database server with multiple active clusters for higher availability, will be stored on highly redundant carrier-grade disks and multiple data paths to ensure reliability and performance, and will be automatically copied to a secondary site in near real time and backed up to localized datastore until the last committed transaction. The backups will go through integrity verification. If the Salesforce Managed Package that you manage is de-installed by your administrator during subscription period, the copy and backups above may be unavailable, since such de-installation may cause deletion of the Entrusted Data committed for such service without any chance of recovery. This clause does not apply to Scratch Orgs.
4.9 [Sandbox] Sandbox subscription is for testing and development only, and is not applicable for production. As a part of system maintenance, Alibaba Cloud may delete any sandbox that you have not logged in to for one hundred and fifty (150) consecutive days. Alibaba Cloud will notify you via email of any such deletion at least thirty (30) days in advance. If you do not log in to the sandbox within the thirty (30)-day period (or a longer period, as the case may be), Alibaba Cloud will proceed with the deletion. The deletion of your sandbox does not terminate your sandbox subscription. If any sandbox is deleted during the period of your sandbox subscription, you may create a new sandbox.
4.10 [Other Matters] For more details of the security measures for Alibaba Cloud products, you may refer to the Alibaba Cloud Security Whitepaper.
Article 5 Responsibilities of Data Provider
5.1 You undertake that, during your use of the services in relation to the SFDC China Products, you shall collect, use and otherwise Process data in compliance with applicable Data Protection Laws, and be fully responsible for the accuracy, quality and legality of the Entrusted Data and for the means by which you obtain the Entrusted Data, and that your provision of the Entrusted Data to the Entrustee shall not violate the Data Protection Laws, breach any contract with others, or infringe upon the rights and interests of any third party.
5.2 If you delete the Salesforce Managed Package before the termination hereof, the Entrusted Data stored in the Salesforce Managed Package may become unavailable. Therefore, please be careful with such Processing.
Article 6 Cross-Border Data Transfer
6.1 Without your written consent, Alibaba Cloud will not make available the Entrusted Data or access to the Entrusted Data to any country or region other than the PRC. For the avoidance of doubt, making available the Entrusted Data or remote access to the Entrusted Data to any entity or individual in Hong Kong, Macao or Taiwan shall also be deemed as the cross-border transfer under this Article for the purpose of this Addendum.
6.2 If cross-border data transfer is necessary for the performance of the services in relation to the SFDC China Products, upon your written consent, Alibaba Cloud may proceed with such transfer only after fulfilling necessary obligations under applicable Data Protection Laws (including without limitation obtaining separate consent from individual, executing agreement on cross-border data transfer with offshore data recipient, and completing the security assessment of cross-border data transfer of the competent cyberspace administration).
6.3 If you make available your Entrusted Data (including the Personal Information contained therein) or access thereto to any country or region other than the PRC, you undertake to comply with all the requirements of applicable Data Protection Laws.
Article 7 Miscellaneous
Alibaba Cloud may modify the provisions of this Addendum, such as for compliance with applicable Data Protection Laws, without diminishing the legally required protection to you. This Addendum so modified shall be considered as the amended and restated version hereof published on the Alibaba Cloud platform. You will be notified in writing of any material amendment hereto at least fifteen (15) days in advance. Such notice may be published on the Alibaba Cloud platform. By further using relevant product or service upon receipt of any such written notice of modification from Alibaba Cloud, you represent that you agree to be bound by the Addendum as amended and restated.