28
<br /> Exhibit A: Data Security and Privacy Schedule
<br /> 1. Definitions
<br /> a. "CrowdStrike Systems" means those computer systems hosting the 'Falcon EPP Platform'.
<br /> b. "Customer Data" means the data generated by the Customer's Endpoint and collected by: (i)the Products,
<br /> and/or(ii) the CrowdStrike Tools, and in either case, sent to the CrowdStrike Systems. Customer Data is
<br /> considered Customer's Confidential Information (defined in Section 7 Confidentiality) and subject to the
<br /> exclusions, exceptions and obligations set forth therein and this Exhibit A Data Security and Privacy
<br /> Schedule.
<br /> c. "Execution Profile/Metric Data" means any machine-generated data, such as metadata derived from
<br /> tasks, file execution, commands, resources, network telemetry, executable binary files, macros, scripts,
<br /> and processes, that: (i) Customer provides to CrowdStrike in connection with this Agreement or (ii) is
<br /> collected or discovered during the course of CrowdStrike providing Offerings, excluding any such
<br /> information or data that identifies Customer or to the extent it includes Personal Data.
<br /> d. "Personal Data" means information provided by Customer to CrowdStrike or collected by CrowdStrike
<br /> from Customer used to distinguish or trace a natural person's identity, either alone or when combined with
<br /> other personal or identifying information that is linked or linkable by CrowdStrike to a specific natural person.
<br /> Personal Data also includes such other information about a specific natural person to the extent that the
<br /> data protection laws applicable in the jurisdictions in which such person resides define such information as
<br /> Personal Data.
<br /> e. "Privacy and Security Laws" means U.S. federal, state and local and non-U.S. laws, including those of
<br /> the European Union, that regulate the privacy or security of Personal Data and that are directly applicable
<br /> to CrowdStrike.
<br /> f. "Security Breach" means unauthorized access to, or unauthorized acquisition of: (i) Customer Data, or
<br /> (ii) Personal Data, stored on CrowdStrike Systems that results in the compromise of such Customer Data
<br /> and/or Personal Data.
<br /> g. "Threat Actor Data" means any malware, spyware, virus, worm, Trojan horse, or other potentially
<br /> malicious or harmful code or files, URLs, DNS data, network telemetry, commands, processes or
<br /> techniques, metadata, or other information or data, in each case that is potentially related to unauthorized
<br /> third parties associated therewith and that: (i) Customer provides to CrowdStrike in connection with this
<br /> Agreement,or(ii) is collected or discovered during the course of CrowdStrike providing Offerings,excluding
<br /> any such information or data that identifies Customer or to the extent that it includes Personal Data.
<br /> 2. Falcon Platform
<br /> The'Falcon EPP Platform' uses a crowd-sourced environment,for the benefit of all customers,to help customers
<br /> protect themselves against suspicious and potentially destructive activities. CrowdStrike's Products are designed
<br /> to detect, prevent, respond to, and identify intrusions by collecting and analyzing data, including machine event
<br /> data, executed scripts, code, system files, log files, dll files, login data, binary files, tasks, resource information,
<br /> commands, protocol identifiers, URLs, network data, and/or other executable code and metadata. Customer,
<br /> rather than CrowdStrike, determines which types of data, whether Personal Data or not, exist on its systems.
<br /> Accordingly, Customer's endpoint environment is unique in configurations and naming conventions and the
<br /> machine event data could potentially include Personal Data. CrowdStrike uses the data to: (i) analyze,
<br /> characterize, attribute, warn of, and/or respond to threats against Customer and other customer, (ii) analyze
<br /> trends and performance, (iii) improve the functionality of, and develop, CrowdStrike's products and services, and
<br /> enhance cybersecurity; and (iv) permit Customers to leverage other applications that use the data, but for all of
<br /> the foregoing, in a way that does not identify Customer or Customer's Personal Data to other customers. Neither
<br /> Execution Profile/Metric Data nor Threat Actor Data are Customer's Confidential Information or Customer Data.
<br /> 3. Processing Personal Data
<br /> a. Provisioning/Use of Offerings. Personal Data may be collected and used during the provisioning and use
<br /> of the Offerings to deliver, support and improve the Offerings, administer the Agreement and further the
<br /> business relationship between Customer and CrowdStrike, comply with law, act in accordance with
<br /> Customer's written instructions, or otherwise in accordance with this Agreement. Customer authorizes
<br /> CrowdStrike to collect, use, store, and transfer the Personal Data that Customer provides to CrowdStrike
<br /> as contemplated in this Agreement.
<br /> CrowdStrike Form May 27 2019 13 of 17
<br />
|