EXHIBIT B: DATA PROCESSING ADDENDUM

Last revised: 27 September 2021

This Data Processing Addendum (“DPA”) is an agreement between Ably and the entity that has agreed to the Ably Terms of Service (or “you” as defined in the Terms; hereinafter, “Customer”). This DPA incorporates, as applicable, the Standard Contractual Clauses and supplements the Ably Terms of Service (hereinafter, the “Agreement”). Capitalized terms not otherwise defined herein will have the meanings given to them in the Agreement.

Customer acknowledges that Ably is a conduit of Content transmitted through the use of the Ably Solution, some of which may, unbeknownst to Ably, contain Personal Data as defined below. Such Personal Data is held only for as long as needed to transmit it (except if and to the extent the Customer elects to store such data, as data controller). Ably does not, in the provision of the Ably Solution, otherwise use, modify, access, store, process or transmit Personal Data or even have knowledge of its existence.

Customer may be the controller of Personal Data, or the processor of Personal Data. When Customer is the controller and shares Personal Data with Ably, Ably will be the processor of the Personal Data. When Customer is the processor and shares Personal Data with Ably, Ably will be the sub-processor of the Personal Data.

This DPA applies only to the extent that Ably processes Personal Data for Customer as Customer’s processor or sub-processor


DEFINITIONS

A. In this DPA, the following definitions apply:

B. The terms “controller”, “data subject”, “personal data”, “processor” and “processing” will have the meanings given to them in the UK GDPR or the EU GDPR, as applicable.

DATA PROTECTION

DPA ANNEX 1: TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES (Annex II/Appendix 2 to the Standard Contractual Clauses as applicable)