INTEL’S SUPPLIER COMPLIANCE HANDBOOK

The Supplier Compliance Handbook is a resource for Intel suppliers to access Intel policies and supplier expectations. Intel reserves the right to update the Supplier Compliance Handbook from time to time. Contents 1. Definitions 2. Privacy & Data Security 3. Additional Compliance with Laws and Rules 4. Retention and Audits 5. Electronic Systems 6. Financial Data 7. Accessibility 8. Intel’s Gifts, Meals, Entertainment, & Travel Policy for Third Parties 9. Intel’s Contingent Workforce Policy 10. Human Rights Principles and Code of Conduct 11. Intel’s Contract Compliance / Most Favored Customer (MFC) Program 12. Supplier Diversity Policy 13. Business Continuity Plan Expectations 14. Ownership and Bailment Revision2023ww40 © 2023 Intel Corporation 1 1. DEFINITIONS 1.1 For purposes of this Intel’s Supplier Compliance Handbook only, the following definitions apply: (A) “Agreement” means collectively: (a) the agreement between Supplier and Intel that incorporates this Intel’s Supplier Compliance Handbook by reference; and (b) this Intel’s Supplier Compliance Handbook as incorporated. (B) “Supplier” means the party or parties with whom Intel is contracting under the Agreement. 2. PRIVACY & DATA SECURITY 2.1 Compliance with Applicable Privacy Laws & Regulations. Supplier and Intel agree to fully comply with all applicable laws and regulations governing the privacy, security, storage, transfer, and use of Personal Data, including without limitation, where applicable, the General Data Protection Regulation EU 2016/679 (“GDPR”), Standard Contractual Clauses set out in the Annex to European Commission Implementing Decision (EU) 2021/914 for data transfers to processors (“SCCs”), the United Kingdom Data Protection Act of 2018 (“UK GDPR”), the UK’s Information Commissioner Office’s International Data Transfer Addendum to the SCCs as set forth in Section 2.12 below (“ICO Addendum”), the Swiss Federal Act on Data Protection (“Swiss FADP”), the EU-U.S. Data Privacy Framework Principles, including the Supplemental Principles and Annex I of the Principles (“DPF”) and the Swiss DPF and UK extension, the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act and any subsequent amendments (“CCPA”), the Brazilian Data Protection Law (“LGPD”), the Chinese Personal Information Protection Law (“PIPL”), the Israeli Protection of Privacy Law 5741-1981 (“PPL”), the Japanese Act on the Protection of Personal Information (“APPI”), the Payment Card Industry (“PCI”) Data Security Standard, Health Insurance Portability and Accountability Act (“HIPAA”) requirements for business associates, as well as similar frameworks (collectively, the “Data Privacy Laws”). For Personal Data subject to a Data Privacy Law, if a provision of this Section 2 conflicts with the relevant, Data Privacy Law, the Data Privacy Law will prevail. “Personal Data” and “Personal Information” are defined by the applicable, Data Privacy Law and are used synonymously in this document unless otherwise specified. 2.2 No Information Selling or Sharing for Cross‐Context Behavioral Advertising. Supplier will not receive or disclose any Personal Data as consideration for any payments, services, or other items of value. Supplier will not sell, share, or engage in any targeted advertising with any Personal Data, as the terms “sell”, “share”, and “targeted advertising” are defined in the CCPA. Supplier will not retain, use, or disclose Personal Data: (i) outside the direct business relationship with Intel or (ii) for cross‐context behavioral advertising, (iii) except for the business purposes specified in the written contract with Intel. Supplier must not combine Personal Data with other data if and to the extent such Revision2023ww40 © 2023 Intel Corporation 2 2.3 2.4