Talent Match Service Schedule

Version 2.1

Updated July 2023

This Talent Match Service Schedule (the “Service Schedule”) is entered into as of the Effective Date set forth on the Order Form by and between Pearson and Client. The Service Schedule incorporates by reference the Workforce Skills Agreement (the “WSA”) and any exhibits thereto. Capitalized terms not otherwise defined in this Service Schedule shall have the meaning set forth on the WSA.

1.     Definitions. Capitalized terms not otherwise defined herein have the meanings set forth below.

a)     “Authorized Client” means an individual or entity who is authorized by Client to access the Services on behalf of the Client or Affiliate.

1. "Connected User" means a User that has consented to share their User Account Data with Client.

2. “TM Account Data” means the data elements set forth on Schedule A that a Connected User consents to share with Client.

2.     Use of Pearson Talent Match

1. Subscription. A subscription allows an Authorized Client to access the Services. During an active subscription term, Client may add additional subscriptions by executing Order Forms.

2. Access to Connected Users.

   • Subject to consent from an User, Pearson agrees to provide to Client the TM Account Data elements set forth on Schedule A.

   • Users may delete or make private their Credentials or accounts at any time. Users may also choose to withdraw their consent to share their Personal Data with Client at any time. Any such action shall revoke the right of Client to access such Connected User Data and shall not constitute a breach of this Agreement, nor shall Client be entitled to any remuneration by Pearson for such action by an User.

   • Client is responsible for the content of its communications to Connected Users when using the Services or other means of communication, and Pearson disclaims all liability for such content, including as to whether such content is legal.

3. Client acknowledges and agrees that:

   • Credentials issued using the Services are issued by third parties and that Issuers may revoke, delete, or modify Credentials issued by them at any time;

   • Users may delete or make private their Credentials or accounts at any time;

   • Connected Users may also choose to withdraw their consent to share their personal information with Client at any time; and

   • Credentials may include third-party intellectual property and that Pearson does not provide any license, sub-license, or other rights in third-party intellectual property.

4. Client Use Restrictions. Client agrees that it will not, and will not enable or authorize any third party, to:

   • Identify or contact Connected Users without a reasonable and legitimate intent to hire for a bona fide job opportunity or the specific position listed;

   • Download, reproduce, copy, modify, or distribute the TM Account Data and Credential Data received or accessed from the Services, whether directly or through third parties without the consent of Pearson and the User

   • “Spam” or otherwise contact applicants for purposes other than related to the specific employment opportunity described in the posting;

   • Share any information regarding an User’s job search with that User’s current employer;

   • Harass, stalk, or contact any User after they have asked not to be contacted;

   • Solicit Users by intentional misrepresentation;

   • Engage in recruitment or hiring practices that would be a violation of the law in Client’s state or country, the state or country where the job is to be performed, or the applicable laws of the jurisdiction that governs this Service Schedule;

   • Engage in solicitations, communications or transactions that violate any applicable laws or regulations related to the prohibition of employment discrimination, or that violate applicable laws governing legal eligibility to work; or

   • Develop, support or use software, devices, scripts, robots or any other means or processes (including crawlers, browser plugins and add-ons or any other technology) to access, modify, download, query, copy or otherwise collect information from the Services.

3.     Privacy

1. Rights of Data Subjects. The Parties are, in their roles as separate Controllers, individually responsible for fulfilling the rights of data subjects regarding the processing of Personal Data transferred under this Service Schedule.

2. Conflicts. In the event of any conflict between the data protection terms in the Agreement and this Service Schedule, the relevant terms of the Service Schedule will take precedence. In the event of any conflict between the provisions of the SCC (module 1) and the remaining terms of this Service Schedule, the SCC (module 1) shall take precedence.

3. Obligations upon Termination. Upon termination of this Service Schedule and any applicable Order Form, Client must irreversibly delete the Personal Data of any User received from Pearson pursuant to this Service Schedule, including any Connected User Data. Notwithstanding the foregoing, Client may continue to process the Personal Data of a Connected User pursuant to the User’s lawful consent.

4. Standard Contractual Clauses. The Parties agree that module 1 (Controller-to-Controller) of the Standard Contractual Clauses as approved by European Commission and set forth at Annex I hereto, shall apply to the transfer of Personal Data from any Pearson Affiliate based in the European Economic Area and their member states, Switzerland and the United Kingdom to Client or any of its Affiliates that are based in a third-country that is not deemed to be adequate by the European Commission. Client agrees to Process the Personal Data received from Pearson solely for the purpose for which it has received the Personal Data under the Agreement.

[Remainder of Page Left Blank]

Schedule A

TM Account Data Elements

• Credly Profile First Name

• Credly Profile Last Name

• Credly Profile Bio

• Credly Profile URL

• Credly Credentials

• User preferred contact information

• Supplemental information provided by User at User’s discretion

[Remainder of Page Blank]

Annex I

Standard Contractual Clauses (Controllers to Controllers)

Where applicable, the parties hereby enter into the 2021 European Union Standard Contractual Clauses (module 1: Controller to Controller) with Annex I of this Service Schedule superseding and replacing Annex I of the DPA.

1. LIST OF PARTIES

The “data exporter”:

Credly, Inc.

368 9^th Avenue, Sixth Floor

New York, NY 10001

Tel.: 800.841.5890

E-mail: legal@credly.com

The “data importer”: the entity listed as the Client in the Agreement.

Contact information related to the data importer found in the Agreement

each a “party”; together “the parties”.

1. DESCRIPTION OF THE TRANSFER

Data subjects

The personal data transferred may include the following categories of data subjects: Individuals who have accounts on the exporter’s software platform

Purposes of the transfer(s). The transfer is made for the following purposes: Performance of the services provided by data exporter to data importer in accordance with the Agreement.

Categories of data. The personal data transferred may include the following categories of data:

• First Name

• Last Name

• Title

• Employer

• Contact information (email, phone, physical business address)

• Professional life data

• Personal life data

• Localization data

Recipients. The personal data transferred may only be disclosed to the following recipients or categories of recipients: Processing of personal data is limited to those personnel performing services in accordance with the Agreement.

Sensitive data (if appropriate): None

Data protection registration information of data exporter (where applicable): Not applicable

Additional useful information (storage limits and other relevant information): As set forth in the Agreement.

Contact points for data protection enquiries

• Data importer Contact points for data importer can be found in the Agreement.

• Data exporter: Email: privacy@credly.com; Tel.: 800-841-5890

1. COMPETENT SUPERVISORY AUTHORITY

Data Protection Commission (of Ireland)