INTEL’S SUPPLIER COMPLIANCE HANDBOOK

The Supplier Compliance Handbook is a resource for Intel suppliers to access Intel policies and supplier expectations. Intel reserves the right to update the Supplier Compliance Handbook from time to time. Contents 1. Definitions 2. Privacy& Data Security 3. Additional Compliance with Laws and Rules 4. Retention & Audits 5. Electronic Systems 6. Financial Data 7. Accessibility 8. Gift Meals and Entertainment Polices 9. Contingent Workforce Policies 10. Supplier Diversity 11. Business Continuity 12. Ownership and Bailment Revision 2021ww44 © 2021 Intel Corporation 1 1. DEFINITIONS 1.1 For purposes of this Intel’s Supplier Compliance Handbook only, the following definitions apply: (A) “Agreement” means collectively: (a) the agreement between Supplier and Intel that incorporates this Intel’s Supplier Compliance Handbook by reference; and (b) this Intel’s Supplier Compliance Handbook as incorporated. (B) “Supplier” means the party or parties with whom Intel is contracting under the Agreement. 2. PRIVACY & DATA SECURITY 2.1 Compliance with Applicable Privacy Laws & Regulations. Supplier and Intel agree to fully comply with all applicable laws and regulations governing the privacy, security, storage, transfer, and use of Personal Data. “Personal Data” and “Personal Information” are defined by the applicable privacy law or regulation and are used synonymously in this document. 2.2 No Information Selling or Sharing for Cross‐Context Behavioral Advertising. Supplier will not receive or disclose any Personal Data as consideration for any payments, services, or other items of value. Supplier will not sell or share any Personal Data, as the terms “sell” and “share” are defined in the California Consumer Privacy Act of 2018, as amended, including the California Privacy Rights Act (“CCPA”). Except for the business purposes specified in the written contract with Intel, Supplier will not retain, use, or disclose Personal Data (a) outside the direct business relationship with Intel or (b) for cross‐context behavioral advertising. Supplier must not combine Personal Data with other data if and to the extent such combination would be inconsistent with limitations on service providers under the CCPA. 2.3 Control and Ownership. Supplier must not access, collect, store, retain, transfer, use, or otherwise process in any manner any Personal Data, except: (i) in the interest and on behalf of Intel; and (ii) as directed by authorized personnel of Intel in writing. Without limiting the generality of the foregoing, Supplier may not make Personal Data accessible to any subcontractors or relocate Personal Data to new locations, except as set forth in written agreements with or written instructions from Intel. Supplier must return or delete any Personal Data when Intel requests it, except to the extent that to do so would violate applicable law. 2.4 Comply with Information Security Policies. Supplier must keep Personal Data secure from unauthorized access by using Supplier’s best efforts and state-of- the art organizational and technical safeguards. A. Supplier must comply with Intel’s Information Security Policy as set forth in the Intel Information Security Addendum (ISA) available at: https://www.intel.com/content/www/us/en/supplier/resources/misc/docum ents/intel-security-addendum.html. Revision 2021ww44 © 2021 Intel Corporation 2 2.5 2.6 2.7 B. C. D. If Supplier operates one or more cloud computing services to provide contracted services to Intel, Supplier will also comply with the ISA Appendix A – Cloud Security available at: https://www.intel.com/content/www/us/en/supplier/resources/misc/docum ents/isa-appendix-a-cloud.html. If Supplier operates one or more Outsourced Development Centers to provide contracted services to Intel, Supplier will also comply with the ISA Appendix B – Outsourced