Data Processing Addendum

Date: October 1, 2021

Nasdaq has updated its Data Processing Addendum (DPA).  The DPA posted to this page was in effect for agreements executed between October 1, 2021, and September 12, 2022.   For all new agreements including a hyperlink to this page, the current and effective DPA is posted at https://www.nasdaq.com/data-processing-addendum.  If you have an agreement with Nasdaq that is subject to this DPA, and you wish to amend it to include the new DPA (which incorporates the latest version of the EU Standard Contractual Clauses and the UK International Data Transfer Addendum), please contact your Nasdaq account manager.

 

Below is the text from the posted version of the Nasdaq DPA dated October 1, 2021:

This Data Processing Addendum (this "DPA") forms part of the definitive written agreement between Nasdaq and Customer, which hyperlinks to this DPA (as amended from time to time, the "Agreement"). This DPA is effective as of the date the hyperlink to this DPA is incorporated into the Agreement (“Effective Date”). For the purposes of this DPA, “Nasdaq” means the Nasdaq contracting entity identified in the Agreement, and “Customer” means the Customer contracting entity identified in the Agreement. Nasdaq and Customer may be referred to herein collectively as the "Parties" or individually as a "Party."

Customer enters into this DPA on behalf of itself and its Affiliates to the extent Nasdaq Processes Customer Personal Data in performance of the Services for such Affiliates. For the purposes of this DPA only, and except where indicated otherwise in this DPA, the term "Customer" will include Customer and its Affiliates.

 

HOW THIS DPA APPLIES

This DPA is binding on the Parties only to the extent applicable Data Protection Laws govern the Processing of Customer Personal Data in performance of the Services. This DPA is fully incorporated into and made a part of the Agreement. This DPA replaces any existing terms, exhibits, schedules, appendices, addendums, or other attachments related to the Processing of Customer Personal Data unless otherwise expressly stated in this DPA. In the event of any inconsistency between the terms of this DPA and any terms of the Agreement with respect to Customer Personal Data, the terms of this DPA will govern and control.

 

DATA PROCESSING TERMS

The Parties agree that the terms of this DPA govern the Processing of Customer Personal Data in performance of the Services. Each Party, acting reasonably and in good faith, will comply with the terms of this DPA.  Any other Processing of Personal Data with respect to Customer and Customer’s users conducted by Nasdaq as a Data Controller, including business relationship administration and system security, will be carried out in accordance with Nasdaq’s then-current privacy policy located at the following hyperlink: https://www.nasdaq.com/privacy-statement (or any successor hyperlink).

1.              Definitions and Interpretation

Capitalized terms used in this DPA shall have the meanings set forth in this Section 1 and elsewhere in this DPA. All other capitalized terms not defined in this DPA will have the meanings set forth in the Agreement. For purposes of this DPA: (i) the words "include," "includes," and "including" are deemed to be followed by the words "without limitation"; (ii) the word "or" is not exclusive; (iii) words denoting the singular have a comparable meaning when used in the plural, and vice-versa; and (iv) words denoting any gender include all genders.

 

1.1            Affiliate” of a Party means any other entity that directly or indirectly, through one or more intermediaries, controls, is controlled by, or is under common control with, such Party. The term "control" (including the terms "controlled by" and "under common control with") means the direct or indirect power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract, or otherwise.

 

1.2            Customer Personal Data” means Personal Data Processed by Nasdaq (or any Sub-Processor) as a Data Processor on behalf of and at the direction of Customer in performance of the Services.

 

1.3            Data Controller” (or equivalent term under applicable Data Protection Laws) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

 

1.4            Data Processor” (or equivalent term under applicable Data Protection Laws) means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Data Controller.

 

1.5            Data Protection Laws” means any applicable laws or regulations governing the Processing of Customer Personal Data in performance of the Services, including, to the extent applicable, the European General Data Protection Regulation (the “GDPR”), the United Kingdom (UK) General Data Protection Regulation (the “UK GDPR”), and the California Consumer Privacy Act (“CCPA”).

 

1.6            Data Subject” means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

1.7            Personal Data” means any information relating to a Data Subject that is subject to protection under applicable Data Protection Laws.

 

1.8            Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

 

1.9            Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, retention, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

1.10         Restricted Transfermeans: (a) a transfer of Customer Personal Data from Customer to Nasdaq; or (b) an onward transfer of Customer Personal Data from Nasdaq to a Sub-Processor; in each case, where such transfer would be prohibited by applicable Data Protection Laws in the absence of appropriate safeguards, including the Standard Contractual Clauses or UK Standard Contractual Clauses (as applicable).

 

1.11         Services” means the services provided by Nasdaq to Customer (or Customer’s Affiliates, as the case may be) under the Agreement.

 

1.12         Special Data Categories” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation; or such other similar types of information designated for heightened protection under applicable Data Protection Laws.

 

1.13         Standard Contractual Clauses” means the Commission Implementing Decision (EU) 2021/914 establishing Standard Contractual Clauses for data transfers to Third Countries (as amended, modified, or replaced from time to time); specifically, the applicable module within the Standard Contractual Clauses is MODULE TWO (Transfer Controller to Processor). For the avoidance of doubt, MODULE ONE (Transfer Controller to Controller), MODULE THREE (Transfer Processor to Processor), and MODULE FOUR (Transfer Processor to Controller) do not apply to this DPA.  “UK Standard Contractual Clauses” means the European Commission Standard Contractual Clauses for the Transfer of Personal Data to Processors Established in Third Countries (2010/87/EU) as adopted under the UK GDPR or such successor clauses as may be adopted by the UK.

 

1.14         Sub-Processor” means a Data Processor engaged by Nasdaq for the purpose of Processing Customer Personal Data in performance of the Services.

 

1.15         Supervisory Authority” means the relevant governmental body or bodies having jurisdiction over the Processing of Customer Personal Data under this DPA.

 

2.              Processing of Customer Personal Data

 

2.1            Roles of the Parties. To the extent Nasdaq Processes Customer Personal Data in performance of the Services, the Parties agree that Customer is the Data Controller and Nasdaq is the Data Processor.

 

2.2            Nasdaq as Data Processor.  Nasdaq, as Data Processor, will Process Customer Personal Data only on the documented instructions of Customer as provided in Section 2.5 and Section 2.6 of this DPA. Nasdaq will not Process Customer Personal Data for any other purpose, except to the extent Processing of Customer Personal Data is required by applicable laws.

 

2.3            CCPA-Specific Terms. If Nasdaq is Processing Customer Personal Data within the scope of the CCPA in performance of the Services, Nasdaq makes the following additional commitments to Customer: Nasdaq will not retain, use, or disclose such Customer Personal Data for any purpose other than for the purposes set out in this DPA or as otherwise permitted under the CCPA. In no event will Nasdaq sell any such Customer Personal Data. With respect to CCPA-covered Customer Personal Data, these CCPA-specific terms take precedence over any conflicting data protection commitments Nasdaq makes to Customer in this DPA.

 

2.4            Customer as Data Controller. Customer, as Data Controller, agrees that Customer:

 

 

(a)             is solely responsible for the accuracy, quality, and legality of Customer Personal Data, including the means by which Customer acquires Customer Personal Data;

 

(b)             is solely responsible for any registration, notice, or other authorization with any regulator required under applicable laws to engage Nasdaq to perform the Services;

 

(c)             has the authority to transmit or disclose Customer Personal Data to Nasdaq (or permit Nasdaq to access Customer Personal Data); and

 

(d)             will provide Nasdaq with lawful instructions with respect to the Processing of Customer Personal Data.

 

2.5            Customer’s Instructions. Customer instructs Nasdaq (and authorizes Nasdaq to instruct each Sub-Processor) to Process Customer Personal Data in performance of the Services, including any necessary Restricted Transfers. The Parties agree that the scope of Customer’s instructions for the Processing of Customer Personal Data is defined by: (i) the Agreement; (ii) any applicable ordering documents, including service orders, order forms, statements of work, and product or service descriptions; (iii) this DPA; and (iv) any Modified Instructions (as defined in Section 2.6).

 

2.6            Modified Instructions. Customer may request amendments to Customer’s instructions, where such amendments are required to ensure that Customer complies with applicable Data Protection Laws and Customer cannot achieve Customer’s compliance with applicable Data Protection Laws unless Nasdaq implements such instructions (“Modified Instructions”), by submitting a written request to Nasdaq in accordance with the change control or amendment procedures set forth in the Agreement. Customer and Nasdaq may mutually agree in writing to amend the Agreement to effect such Modified Instructions. If Nasdaq notifies Customer that it is infeasible or impracticable to implement any Modified Instructions, Customer may terminate the applicable Service by providing Nasdaq with written notice within thirty (30) days of Nasdaq’s notification and receive a prorated refund of prepaid fees applicable to the terminated Service for the period after termination. This Section 2.6 states Customer’s sole and exclusive remedy, and Nasdaq’s sole liability, with regard to Modified Instructions.

 

2.7            Duty to Inform. To the extent required by applicable Data Protection Laws, Nasdaq will immediately inform Customer if, in Nasdaq's opinion, any Customer instruction violates such applicable Data Protection Laws.

 

2.8            Details of the Processing of Customer Personal Data. The details of the Processing of Customer Personal Data are set forth in Appendix 1 (Processing Details) to this DPA.

 

2.9            Processing of Special Data Categories. Any Processing of Special Data Categories is subject to mutual agreement of the Parties and must be set forth in a schedule to this DPA or a separate written agreement between the Parties.

 

3.              Confidentiality Obligations of Nasdaq Personnel

 

3.1            Confidentiality Obligations of Nasdaq Personnel. Nasdaq will ensure that any person it authorizes to Process Customer Personal Data is: (a) subject to confidentiality and restricted use obligations that are no less protective than the confidentiality and restricted use obligations set forth in the Agreement; or (b) under an appropriate statutory obligation of confidentiality.

 

4.              Information Security Program

 

4.1           Information Security Program. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Nasdaq will in relation to Customer Personal Data implement a written information security program that includes technical and organizational measures designed to protect such Customer Personal Data against unauthorized access, use, disclosure, alteration, or destruction, including the measures set forth in Article 32(1) of the GDPR (and corresponding provisions of the UK GDPR) to the extent such measures are applicable to Nasdaq’s Processing of Customer Personal Data in performance of the Services (“Information Security Program”). As of the Effective Date of this DPA, a summary of such Information Security Program is set forth in Appendix 2 (Information Security Program) to this DPA.

 

5.              Subprocessing

 

5.1            Use of Sub-Processors; Liability. Customer authorizes Nasdaq to use Sub-Processors, including Nasdaq's Affiliates, for the purpose of providing the Services. Nasdaq will enter into a written agreement with each Sub-Processor containing data protection obligations not less protective than those set forth in this DPA with respect to the Processing of Customer Personal Data. Nasdaq will remain responsible for any Processing of Customer Personal Data by Sub-Processors.

 

5.2            Initial Sub-Processor List. Customer expressly authorizes the use of the Sub-Processors set forth in Appendix 3 (Sub-Processors) to this DPA. Nasdaq may engage new Sub-Processors in accordance with Section 5.3 (Notice and Customer’s Right to Object to New Sub-Processors) of this DPA.

 

5.3            Notice and Customer’s Right to Object to New Sub-Processors. Nasdaq will notify Customer of its intention to engage any new Sub-Processor in accordance with the notice procedures set forth in the Agreement or as otherwise provided in this DPA. Customer will have ten (10) days from the date of such notification to reasonably object to the engagement of any new Sub-Processor by providing written notice to Nasdaq. If Customer objects to the engagement of a new Sub-Processor and the Parties cannot reach an agreement as to the use of the new Sub-Processor, Customer may terminate the portion of the Service for which the new Sub-Processor is engaged and receive a prorated refund of prepaid fees applicable to the terminated portion of the Service for the period after termination as its sole and exclusive remedies. If Customer has not notified Nasdaq of its objection within the time period set forth in this Section 5.3, Customer will be deemed to have approved the use of the new Sub-Processor.

 

5.4            Automated Notification Mechanism. For purposes of providing notice in accordance with Section 5.3 of this DPA, Nasdaq may implement mechanisms by which Customer can receive automated notifications of new Sub-Processor engagements (each, an "Automated Notification Mechanism") at no additional cost to Customer. If Nasdaq implements an Automated Notification Mechanism, Nasdaq will notify Customer and provide detailed instructions on the use of such Automated Notification Mechanism. Customer agrees to register for and use any Automated Notification Mechanism if it is made available by Nasdaq.

 

5.5            Restricted Transfers to Sub-Processors. To the extent Nasdaq makes a Restricted Transfer to a Sub-Processor, Nasdaq will establish appropriate safeguards for such Restricted Transfer as required by applicable Data Protection Laws.

 

6.              Assistance to Customer Related to Data Subject Requests

 

6.1            Data Subject Request Notification. Nasdaq will promptly notify Customer if Nasdaq receives a request from a Data Subject to exercise his or her rights under applicable Data Protection Laws with respect to Customer Personal Data.

 

6.2            Customer’s Responsibility with respect to Data Subject Requests. Customer will be solely responsible for responding to requests, complaints, and all other communications from Data Subjects; provided, however, Nasdaq may confirm to the Data Subject that Nasdaq received his or her communication. To the extent that Customer can respond to such requests by using its access to Customer Personal Data or any “self-service” functionality of the Services, Customer will do so.

 

6.3            Assistance in Responding to Data Subject Requests. Upon Customer's written instruction and to the extent required by applicable Data Protection Laws, Nasdaq will provide Customer with assistance to fulfill Customer’s obligations to respond to requests from Data Subjects to exercise his or her rights under applicable Data Protection Laws by implementing appropriate and technical organizational measures, insofar as it is possible, taking into account the nature of the Processing.

 

7.              Assistance with Customer’s Other Data Protection Rights and Obligations

 

7.1            Assistance Related to Customer’s Other Data Protection Rights and Obligations. Taking into account the nature of the Processing and the information available to Nasdaq, Nasdaq will provide assistance required to be provided by Data Processors to Data Controllers under applicable Data Protection Laws, including the assistance required under Article 28(3) of the GDPR (and the corresponding provisions of the UK GDPR) to the extent such assistance is applicable to Nasdaq’s Processing of Customer Personal Data in performance of the Services.

 

7.2            Information Security Materials. Upon Customer's written request, Nasdaq will make available to Customer the relevant information security materials for the applicable Service (the "Information Security Materials") through an access-restricted website in read-only format. The Information Security Materials are the Confidential Information of Nasdaq. Nasdaq may modify, amend, or replace the Information Security Materials without notice to Customer. To the extent available for the applicable Service, the Information Security Materials may contain the following:

 

(a)             A summary of any third-party audits or certifications relating to the security controls of the applicable Service, including any Service Organization Control (SOC) Type 2 reports and ISO 27001:2013 certifications;

 

(b)             Nasdaq’s Acceptable Use Policy, Data Classification Policy, Mobile Device Policy, and Information Security Policy;

 

(c)             Nasdaq’s Access Control Standard, Enterprise Patch Management Standard, Logging Standard, Network Security Standard, Password Standard, and Web Application Security Standard;

 

(d)             Nasdaq’s Code of Ethics and Nasdaq’s Privacy Policy; and

 

(e)             Any other published materials made available by Nasdaq, which further describe Nasdaq’s principles, programs, and practices regarding information security and privacy.

 

8.              Customer Audit Rights

 

8.1            Customer Audit Rights. In order to satisfy any audit or inspection request by Customer under applicable Data Protection Laws or the Standard Contractual Clauses, Nasdaq will provide Customer with the assistance and Information Security Materials set forth in Section 7 of this DPA in order to verify Nasdaq's compliance with its obligations under this DPA.

 

9.              Return or Deletion of Customer Personal Data

 

9.1            Return or Deletion of Customer Personal Data. Upon termination of the Agreement, Nasdaq will delete, return, or provide Customer with a mechanism to allow Customer to obtain a copy of or delete all Customer Personal Data, except to the extent Nasdaq or its Affiliates are required to retain such Customer Personal Data under applicable laws or document retention policies adopted in accordance with such laws; provided, however, the confidentiality and restricted use obligations set forth in the Agreement will continue to apply to such Customer Personal Data for the duration of such retention.

 

10.            Personal Data Breach of Customer Personal Data

 

10.1         Personal Data Breach Notification. If Nasdaq becomes aware of a Personal Data Breach of the Services involving Customer Personal Data, Nasdaq will notify Customer of such Personal Data Breach without undue delay unless prohibited by law or as otherwise requested by a governmental authority.

 

10.2         Personal Data Breach Assistance. If Nasdaq notifies Customer of a Personal Data Breach in accordance with Section 10.1 of this DPA, Nasdaq will provide Customer with assistance in relation to handling a Supervisory Authority's request for information with respect to such Personal Data Breach as required by applicable Data Protection Laws.

 

11.            Restricted Transfers

 

11.1         Standard Contractual Clauses. To the extent that Customer makes a Restricted Transfer to Nasdaq (except for a Restricted Transfer subject to the UK GDPR which shall be governed by Section 11.4 below), the Parties agree that the Standard Contractual Clauses will apply to such Restricted Transfer. The Standard Contractual Clauses are incorporated by reference into this DPA, and the remaining details required under the Standard Contractual Clauses are deemed completed, as appropriate, with the information set forth in this DPA, including the appendices to this DPA. For purposes of the Standard Contractual Clauses, the Parties agree:

 

(a)             Clause 7 (Docking Clause) shall not apply;

 

(b)             Option 2 (General Authorization) of Clause 9 shall apply;

 

(c)             The optional language in Clause 11 (Redress) shall not apply;

 

(d)             For Clause 13 (Supervision), the Supervisory Authority with responsibility for ensuring compliance by the data exporter with the GDPR with regard to Restricted Transfers, namely, the lead Supervisory Authority of the data exporter, shall act as the competent Supervisory Authority; and

 

(e)             For Clause 17 (Governing Law), Option 2 shall apply and that, in the event that the law of the jurisdiction in which the data exporter is established does not allow for third-party beneficiary rights, the Standard Contractual Clauses shall be governed by the laws of Sweden.

 

11.2         Details of the Standard Contractual Clauses. The Personal Data Processing activities in Appendix 1 to the Standard Contractual Clauses will be such activities as necessary for Nasdaq to perform the Services for Customer as described in the Agreement. The categories of Data Subjects and categories of Personal Data in Appendix 1 to the Standard Contractual Clauses will be those provided by Customer to Nasdaq pursuant to the Services as set forth in Appendix 1 (Processing Details) to this DPA. The data security measures in Appendix 2 to the Standard Contractual Clauses will be those identified in Appendix 2 (Information Security Program) of this DPA. The initial list of Sub-Processors authorized to assist in providing the Services is set forth in Appendix 3 (Sub-Processors) to this DPA.

 

11.3         Non-EEA Jurisdictions; Conflicts. To the extent that the jurisdiction of the data exporter is not located in the European Economic Area or United Kingdom, the Standard Contractual Clauses shall be deemed to be amended to remove references to the European Union and its laws and replace such references to the jurisdiction of the data exporter and that jurisdiction's applicable Data Protection Laws. In the event of any inconsistency between the terms of the Standard Contractual Clauses and any terms of this DPA with respect to Restricted Transfers, the terms of the Standard Contractual Clauses will govern and control with respect to such Restricted Transfers.

 

11.4          Restricted Transfers Under UK GDPR.  To the extent that Customer makes a Restricted Transfer to Nasdaq subject to the UK GDPR, the Parties agree that the UK Standard Contractual Clauses will apply to such Restricted Transfer. The UK Standard Contractual Clauses are incorporated by reference into this DPA, and the remaining details required under the UK Standard Contractual Clauses are deemed completed, as appropriate, with the information set forth in this DPA, including the appendices to this DPA.  The Personal Data Processing activities in Appendix 1 to the UK Standard Contractual Clauses will be such activities as necessary for Nasdaq to perform the Services for Customer as described in the Agreement. The categories of Data Subjects and categories of Personal Data in Appendix 1 to the Standard Contractual Clauses will be those provided by Customer to Nasdaq pursuant to the Services as set forth in Appendix 1 (Processing Details) to this DPA. The data security measures in Appendix 2 to the Standard Contractual Clauses will be those identified in Appendix 2 (Information Security Program) of this DPA.  In the event of any inconsistency between the terms of the UK Standard Contractual Clauses and any terms of this DPA with respect to Restricted Transfers subject to the UK GDPR, the terms of the UK Standard Contractual Clauses will govern and control with respect to such Restricted Transfers.

 

12.            LIMITATIONS OF LIABILITY

 

12.1         ADDITIONAL LIABILITY CAP. EXCEPT AS PROVIDED IN SECTION 12.2 (EXCEPTIONS), IN NO EVENT WILL EITHER PARTY’S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS DPA, WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL OR EQUITABLE THEORY, EXCEED THE TOTAL AMOUNTS PAID AND AMOUNTS ACCRUED BUT NOT YET PAID TO NASDAQ FOR THE AFFECTED SERVICE IN THE TWELVE (12) MONTH PERIOD PRECEDING THE EVENT GIVING RISE TO THE CLAIM.

 

12.2         EXCEPTIONS. THE LIMITATION IN SECTION 12.1 (ADDITIONAL LIABILITY CAP) DOES NOT APPLY TO: (A) LIABILITY ARISING FROM A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT; (B) A PARTY’S INDEMNIFICATION OBLIGATIONS SET FORTH IN THE AGREEMENT; AND (C) THE EXTENT PROHIBITED BY LAW.

 

12.3         NO DOUBLE RECOVERY; SURVIVAL. SECTION 12 (LIMITATIONS OF LIABILITY) OF THIS DPA SETS OUT THE EXCLUSIVE LIABILITY OF EACH PARTY WITH RESPECT TO THIS DPA. NEITHER PARTY IS ENTITLED TO RECOVER DAMAGES MORE THAN ONCE FROM THE OTHER PARTY WITH RESPECT TO ANY MATTER ARISING FROM THE SAME FACTS AND CIRCUMSTANCES. SECTION 12 (LIMITATIONS OF LIABILITY) OF THIS DPA WILL SURVIVE TERMINATION OF THE AGREEMENT AND THIS DPA.

 

13.            Miscellaneous

 

13.1         Assistance Costs. To the extent legally permitted, Customer is responsible for the reasonable costs and fees associated with Nasdaq's provision of assistance under this DPA and implementation of any Modified Instructions.

 

13.2         Expansion or Modification of Customer Audit Rights. For the avoidance of doubt, no provision in this DPA will be deemed to expand or modify the audit rights of Customer under the Agreement.

 

13.3         Choice of Law. Except with respect to the Standard Contractual Clauses, this DPA is governed by the laws that govern the Agreement, and any dispute between the Parties will be handled as set forth in the Agreement.

 

13.4         Entire Agreement; Amendments and Modifications. This DPA, together with all exhibits, schedules, addenda, and appendices attached to this DPA and any other documents incorporated into this DPA by reference, constitutes the sole and entire agreement of the Parties with respect to the subject matter of this DPA and supersedes all prior and contemporaneous understandings, agreements, and representations and warranties, both written and oral, with respect to such subject matter. Except as expressly provided in this DPA, the terms of the Agreement are and will remain in full force and effect. This DPA may only be amended by a written amendment that specifically references this DPA and the intent of the Parties to modify this DPA.

 

 

Appendices to the Standard Contractual Clauses

 

The applicable Appendices to the Standard Contractual Clauses for each group of Nasdaq services are linked below

 

Click here for the Appendices for Market Technology Services

Click here for the Appendices for Corporate Solutions Services

Click here for the Appendices for Nasdaq Fund Secondaries