This Privacy Policydescribes how monday.com Ltd. (together with its affiliated companies – “monday.com”,“we”, “our” or “us”) collects, stores, uses and disclosesthe following categories of personal data:

(i) CustomerData: personal data that we collect, process and manage on behalf of ourbusiness customers (“Customers”), submitted to the monday.comcloud-based services, including our platforms, products, applications,application programming interface (“API”), tools, and any ancillary orsupplementary monday.com products and services (including Upgrades (as definedin the Termsof Service)), offered online and via a mobile application(collectively, “Platform”).

We process such CustomerData on behalf and under the instruction of the respective Customer in ourcapacity as a “data processor”, in accordance with our DataProcessing Addendum with them. For more information, pleaserefer to Section 9 below.

Accordingly, thisPrivacy Policy – which describes monday.com’s independent privacy and dataprocessing practices as a “data controller” – with respect to thePlatform, Sites (as defined below) and any other services provided to Customerby monday.com (“Services”), and does not apply to the processing ofCustomer Data. If you have any questions or requests regarding Customer Data,please contact your account administrator(s) (“Account Admin”) directly.

(ii) User Data:personal data concerning our Customers’ internal focal persons who directlyengage with monday.com concerning their monday.com account (e.g. billingcontacts and authorized signatories), Customers’ Account Admins, and authorizedusers of the Platform (collectively, “Users”);

(iii) ProspectData: data relating to visitors of our websites (including but not limitedto www.monday.com),participants at events, and any other prospective customer, user or partner(collectively, “Prospects”) who visit or otherwise interact with ourprograms, marketing and social activities and our websites, digital ads andcontent, emails, integrations or communications under our control (“Sites”).

(iv) TechnologyPartner Data: data relating to individuals participating and/or engaging asa participant, candidate, applicant or any other prospective or existingtechnology partners (including as developer or technology ambassadors)(collectively, “Technology Partner”) who interact with our Platform,Sites, events and/or other platforms utilized by monday.com.

Specifically, thisPrivacy Policy describes our practices regarding –

1.     Data Collection & Processing

2.    Data Uses & Legal Bases

3.    Data Location and Retention

4.   Data Disclosures

5.   Cookies and Tracking Technologies

6.   Communications

7.    Data Security

8.   Data Subject Rights

9.   Data Controller/Processor

10. Additional Notices

If you are a Customer,User, Prospect or Technology Partner, please read this Privacy Policy carefullyand make sure that you fully understand it.

You are not legallyrequired to provide us with any of your personal data, and may do so (or avoiddoing so) at your own free will. If you do not wish to provide us with yourpersonal data, or to have it processed by us or any of our services providers, pleasesimply do not visit or interact with our Sites, nor use our Services.

You may also choose notto provide us with “optional” personal data (i.e. “not required” fields onforms), but please keep in mind that without it we may not be able to provideyou with the full range of our Services or with the best user experience whenusing our Services.

Any capitalized butundefined term in this Privacy Policy shall have the meaning given to it inour Termsof Services (“Terms”).

1. Data Collection &Processing

When we use the term“personal data” in this Privacy Policy, we mean information that identifies,relates to, describes, is reasonably capable of being associated with, or couldreasonably be linked, directly or indirectly, to an individual. It does not includeaggregated or anonymized information that is maintained in a form that is notreasonably capable of being associated with or linked to an individual.

We collect or generatethe following categories of personal data in relation to the Services:

·      Usage and device information concerning our Users,Prospects and Technology Partners:

·      Connectivity, technical and usage data, such as IPaddresses and approximate general locations derived from such IP addresses,device and application data (like type, operating system, mobile device or appid, browser version, location and language settings used), activity logs, therelevant cookies and pixels installed or utilized on your device, and therecorded activity (sessions, clicks, use of features, logged activities andother interactions) of Prospects, Users and Technology Partners in connection withour Services.

·      We collect and generate this information automatically,including through the use of analytics tools (including cookies and pixels) –which collect data such as: how often Prospects or Technology Partners visit oruse the Sites, which pages they visit and when, which website, ad or emailmessage brought them there, and how Users interact with and use the Platformand its various features.

·      Contact and profile information concerning ourCustomers, Users, Prospects and Technology Partners:

·      Name, email, phone number, position, workplace, profilepicture, login credentials, contractual and billing details, and any otherinformation submitted by Account Admins and Users or otherwise available to uswhen they sign up or log in to the Platform (either directly or through theirsocial media or organizational Single-Sign-On account), when creating theirindividual profile (“User Profile”), or by updating their account.

·      We collect this information directly from you, or fromother sources and third parties such as our Customer (your employer), Users andcolleagues related to your organizational monday.com account, organizers ofevents or promotions that both you and us were involved in, and through the useof tools and channels commonly used for connecting between companies andindividual professionals in order to explore potential business and employmentopportunities, such as LinkedIn, ZoomInfo, Clearbit, Cognism and Lusha.

·      Communications with our Customers, Users, Prospects andTechnology Partners:

·      Personal data contained in any forms and inquiries thatyou may submit to us, including support requests, interactions through socialmedia channels and instant messaging apps, registrations to events that wehost, organize or sponsor, and participation in our online and offlinecommunities and activities); surveys, feedback and testimonials received;expressed, presumed or identified needs, preferences, attributes and insightsrelevant to our potential or existing engagement; and sensory information includingphone call and video conference recordings (e.g., with our customer experienceor product consultants), as well as written correspondences, screen recordings,screenshots, documentation and related information that may be automaticallyrecorded, tracked, transcribed and analyzed, for purposes including analytics,quality control and improvements, training, and record-keeping purposes.

For the purposes of theCalifornia Consumer Privacy Act (“CCPA”), specifically in the lasttwelve (12) months, we have collected the following categories of PersonalInformation: Identifiers; Professional or Employment-Related Information;Internet or other Electronic Network Activity Information; Customer Records Information;and Geolocation Information. We do not use or disclose sensitive personalinformation as defined in the CCPA.

2. Data Uses & LegalBases

We use personal data asnecessary for the performance of our Services (“Performance of Contract”);to comply with our legal and contractual obligations (“Legal Obligations”);and to support our legitimate interests in maintaining and improving ourServices, e.g. in understanding how our Services are used and how our campaignsare performing, and gaining insights which help us dedicate our resources andefforts more efficiently; in marketing, advertising and selling our Services toyou and others; providing customer services and technical support; andprotecting and securing our Users, Customers, Prospects and TechnologyPartners, ourselves and our Services (“Legitimate Interests”).

If you reside or areusing the Services in a territory governed by privacy laws under which“consent” is the only or most appropriate legal basis for processing personaldata as described in this Privacy Policy (either in general, based on the typesof personal data you expect or elect to process or have processed by us or viathe Services, or due to the nature of such processing) (“Consent”), youracceptance of our Terms and of this Privacy Policy will bedeemed as your consent to the processing of your personal data for all purposesdetailed in this Privacy Policy, unless applicable law requires a differentform of consent. If you wish to revoke such consent, please contact us at privacy@monday.com.

Specifically, we usepersonal data for the following purposes (and in reliance on the legal basesfor processing noted next to them, as appropriate):

Customer and Userpersonal data

·      To facilitate, operate, enhance, secure and provide ourServices; (Performance of Contract; Legitimate Interests)

·      To invoice and process payments (Performance ofContract; Legitimate Interests); and

·      To personalize our Services, including by recognizingan individual and remembering their information when they return to ourServices, and to provide further localization and personalizationcapabilities (Performance of Contract; Legitimate Interests).

Customer, User, Prospectand Technology Partner personal data

·      To provide our Prospects, Users, Technology Partnersand Customers with assistance and support, to test and monitor the Services,diagnose or fix technical issues, and to train our Customers’ andCustomer-facing staff (Performance of Contract; Legitimate Interests);

·      To gain a better understanding of how Users, Prospectsand Technology Partners evaluate, use, and interact with our Services, toutilize such information to continuously improve our Services, the overallperformance, user-experience and value generated therefrom. We collect suchinformation automatically through their usage of the Services, includingthrough User’s utilization of artificial intelligence capabilities in thePlatform (Legitimate Interests);

·      To create aggregated, statistical data, inferrednon-personal data or anonymized or pseudonymized data (rendered non-personal),which we or others may use to provide and improve our respective Services, orfor any other business purpose such as business intelligence (LegitimateInterests);

·      To facilitate and optimize our marketing campaigns, admanagement and sales operations, and to manage and deliver advertisements forour Services more effectively, including on other websites and applications.Such activities allow us to highlight the benefits of using our Services, andthereby to increase your engagement and overall satisfaction with our Services.This includes contextual, behavioral and interests-based advertising based onUser, Prospect and Technology Partner activities, preferences or other dataavailable to us or to our Services Providers (as defined below), and businesspartners (Legitimate Interests; Consent);

·      To contact our Customers, Users, Prospects andTechnology Partners with general or personalized Services-related messages, aswell as promotional messages that may be of specific interest to them (Performanceof Contract; Legitimate Interests; Consent);

·      To support and enhance our data security measures,including for the purposes of preventing and mitigating the risks of fraud,error or any illegal or prohibited activity (Performance of Contact;Legitimate Interests; Legal Obligation);

·      To explore and pursue growth opportunities byfacilitating a stronger local presence and tailored experiences, includingthrough partnerships with local distributors, resellers, business partners andproviders of professional services related to our Services (“Partners”,as further described in Section 4 below) (Legitimate Interests);

·      To facilitate, sponsor and offer certain events,webinars, contests and promotions (Legitimate Interests);

·      To publish your feedback and submissions to our Sites,public forums and blogs (Performance of Contract; Legitimate Interests);

·      To comply with our contractual and legal obligationsand requirements, and maintain our compliance with applicable laws, regulationsand standards (Performance of Contract; Legitimate Interests; LegalObligation); and

·      For any other lawful purpose, or other purpose that youconsent to in connection with provisioning our Services. (LegalObligation; Consent).

With respect to personaldata we obtain from Google OAuth API Scopes, used in our integration withcertain Google Services (“Integrated Google Services”), our use of suchpersonal data and data aggregated, anonymized, or derived therefrom (“Restrictedpersonal data”), is limited to the following purposes, in adherence withthe Limited Use requirements as detailed in Google API Services Data Policy (versionof September 3, 2020):

·      Facilitating, operating, supporting, providing andimproving user-facing features that are prominent in the Integrated GoogleServices (Performance of Contract; Legitimate Interests);

·      Troubleshooting or security purposes (such asinvestigating a bug or abuse), subject to the Users’ prior consent, insofaraccess to Restricted personal data is required to resolve a support issue (Performanceof Contract; Legitimate Interests);

·      Compliance with applicable law and regulations (LegalObligation);

·      For our internal operations, provided that theRestricted personal data (including derivations thereof) have been aggregatedand anonymized (Legitimate Interests);

·      Transfer of the Restricted personal data to thirdparties: (1) in accordance with this Privacy Policy, solely to the extentnecessary to provide or improve the Integrated Google Services; (2) to complywith applicable laws and regulations; and (3) in connection with any change incontrol, including by means of merger, acquisition or purchase of substantiallyall of monday.com’s assets (Performance of Contract; Legitimate Interests;Legal Obligation); or

·      Otherwise in strict accordance with your affirmativeagreement.

3. Data Location &Retention

Data Location: We and our authorizedService Providers (defined below) maintain, store and process personal data inthe United States (US), Europe, Israel, Australia, Guatemala, the Philippines,Brazil, Japan, Singapore, the United Kingdom (UK), and other locations asreasonably necessary for the proper performance and delivery of our Services,or as may be required by applicable law.

While privacy laws varybetween jurisdictions, monday.com, its affiliates and Service Providers areeach committed to protect personal data in accordance with this Privacy Policy,customary and reasonable industry standards, and such appropriate lawfulmechanisms and contractual terms requiring adequate dataprotection, regardless of any lesser legal requirements that may apply inthe jurisdiction to which such data is transferred.

monday.com Ltd. isheadquartered in Israel, a jurisdiction which is considered by the EuropeanCommission, the UK Secretary of State, and the Swiss Federal Data Protectionand Information Commissioner (FDPIC), to be offering an adequate level ofprotection for personal data of individuals residing in EU Member States, theUK and Switzerland, respectively. We transfer data from the European EconomicArea (EEA), the UK and Switzerland to Israel on this basis.

monday.com Inc., our USsubsidiary, complies with the EU-US Data Privacy Framework (EU-US DPF), the UKExtension to the EU-US DPF, and the Swiss-US Data Privacy Framework as setforth by the US Department of Commerce, and where appropriate – primarily relieson such certification for accepting transfers of data from the EEA, UK andSwitzerland to the US (as applicable).

We have certified to theU.S. Department of Commerce that monday.com Inc., adheres to the EU-US DataPrivacy Framework Principles (EU-US DPF Principles) with regard to theprocessing of personal data received from the European Union in reliance on theEU-US DPF, and from the UK (and Gibraltar) in reliance on the UK Extension tothe EU-US DPF. We furthermore certify that monday.com Inc., adheres to theSwiss-US Data Privacy Framework Principles (Swiss-US DPF Principles) withregard to the processing of personal data received from Switzerland in relianceon the Swiss-US DPF. We will remain liable for onward transfers of yourpersonal data to third parties (including our Service Providers) in accordancewith applicable data transfer mechanisms. If there is any conflict between theterms in this privacy policy and the EU-US DPF Principles and/or the Swiss-USDPF, the Principles shall govern with respect to personal data transferredunder the DPF. To learn more about the DPF program, and to view our certification,please visit https://www.dataprivacyframework.gov/.

For data transfers fromthe EEA, the UK and Switzerland to countries which are not considered to beoffering an adequate level of data protection, we and the relevant dataexporters and importers have entered into Standard Contractual Clauses asapproved by the European Commission, the UK Information Commissioner’s Office(ICO), and the Swiss FDPIC, as applicable. You can obtain a copy by contactingus as indicated in Section 10 below.

Please note that wheremonday.com processes personal data on behalf of a Customer, such personal data(included in their Customer Data) may only be processed in accordance with, andin the locations as agreed in our Data Processing Addendum and othercommercial agreements with such Customer (as further described in Section 9below).

Complaints abouttransfers of data from the EU, UK or Switzerland to the US & disputeresolution: In compliance with theDPF Principles, we commit to resolve complaints about our collection or use ofyour personal data. EEA, UK and Swiss individuals with inquiries or complaintsregarding our DPF compliance should submit enquiries to privacy@monday.com.

If a privacy complaintor dispute relating to personal data received by us in reliance on the DPFcannot be resolved through our internal processes, you did not receive a timelyacknowledgement of your EU-US DPF-Principles related complaint from us, or wedid not address your EU-US DPF Principles related complaint to yoursatisfaction, we have also agreed to participate in the VeraSafe Data PrivacyFramework Dispute Resolution Procedure. Subject to the terms of the VeraSafeData Privacy Framework Dispute Resolution Procedure, VeraSafe will provideappropriate recourse free of charge to you. To file a complaint with VeraSafeand participate in the VeraSafe Data Privacy Framework Dispute ResolutionProcedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/.

Furthermore, subject tocertain conditions (as described under the EU-US DPF Principles that monday.comInc. adheres to), you may invoke binding arbitration by delivering a notice tous via privacy@monday.com.monday.com Inc. is also subject to the investigatory and enforcement powers ofthe Federal Trade Commission.

Data Retention: We may retain yourpersonal data for as long as it is reasonably needed to maintain and expand ourrelationship and provide you with our Services and offerings; in order tocomply with our legal and contractual obligations; or to protect ourselves fromany potential disputes (e.g. as required by laws applicable to log-keeping,records and bookkeeping, and in order to have proof and evidence concerning ourrelationship, should any legal issues arise following your discontinuance ofuse), all in accordance with our data retention policy and at our reasonablediscretion. To determine the appropriate retention period for personal data, weconsider the amount, nature, and sensitivity of such data, the potential riskof harm from unauthorized use or disclosure of such data, the purposes forwhich we process it, and the applicable legal requirements. If you have anyquestions about our data retention policy, please contact us by email at privacy@monday.com.

4. Data Disclosure

We may disclose personaldata in the following instances:

Service Providers: We engage selectedthird-party companies and individuals as “Service Providers”, to performservices on our behalf or complementary to our own. These include providers ofThird Party Services (as defined in the Terms),such as: hosting and server co-location services, communications and contentdelivery networks (CDNs), data and cyber security services, billing and paymentprocessing services, fraud detection, investigation and prevention services,web and mobile analytics, email and communication distribution and monitoringservices, session or activity recording services, call recording, analytics andtranscription services, event production and hosting services, remote accessservices, performance measurement, data optimization and marketing services,social and advertising networks, content, lead generating and data enrichmentproviders, email, voicemails, video conferencing solutions, support andcustomer relation management systems, third-party customer support providers,and our legal, compliance and financial advisors and auditors.

Our Service Providersmay have access to personal data, depending on each of their specific roles andpurposes in facilitating and enhancing our Services or other activities, andmay only use the data as determined in our agreements with them.

Partnerships: We engage selectedbusiness and channel partners, resellers, distributors and providers ofprofessional services related to our Services, which allow us to explore andpursue growth opportunities by facilitating a stronger local presence andtailored experiences for our prospective and existing Customers and Users. Insuch instances, we may disclose relevant contact, business and usage details tothe respective Partner, to allow them to engage with those Customers and Usersfor such purposes. If you directly engage with any of our Partners, please notethat any aspect of that engagement which is not directly related to theServices and directed by monday.com is beyond the scope of monday.com’s Termsand Privacy Policy, and may therefore be governed by the Partner’s terms andprivacy policy.

Application Providersand Event Sponsors: Ifso instructed or permitted by you or your Account Admin, we may disclose yourpersonal data (such as your User Profile and contact details, as well asrelevant usage data) to the provider(s) of any third-party applications orintegrations added to your Account. Similarly, if you register to any eventthat we host, organize or sponsor, then with your permission we may discloseyour registration details to others, including the hosts, organizers, speakers,services providers and sponsors of that event, so that they may contact youwith relevant information and offers, or to fulfill any promotions related tothe event.

Customers and otherUsers: Yourpersonal data may be disclosed to the Customer owning the Account to which youare subscribed as a User (including data and communications concerning yourUser Profile), as well as other Users of that Account. Your personal data andactivity within the Services may also be monitored, processed and analyzed bythe Account Admin. This includes instances where you contact us for help inresolving an issue specific to a team of which you are a member (and which ismanaged by the same Customer).

Also, in cases whereyour personal data appears in boards within that Account that are set as“private” or with limited view privileges, the Account Admin(s) may stillaccess it on behalf of the Customer.

Any content submitted byyou to private boards may still be accessed, copied and processed by theAccount Admin(s). Your User Profile and personal data will also be madeavailable to all the authorized Users who can view the same board(s) as you.Please note that monday.com is not responsible for and does not control anyfurther disclosure, use or monitoring by or on behalf of the Customer(including sharing of boards or use of broadcast features within the Services),that itself acts as the “Data Controller” of such data (as further described inSection 9 below).

If you register oraccess the Services using an email address at a domain that is owned by youremployer or organization (our Customer), and another team within suchCustomer’s organization wishes to establish an account on the Services, certaininformation about you including your name, profile picture, contact info andgeneral use of your Account will become accessible to the Account Admin andUsers.

Services integrations: You or your AccountAdmin may choose to integrate your Account on the Services with third-partyServices (provided that such integration is supported by our Services). Theprovider of such integrated third-party Services may receive certain relevantdata about or from your Account on the Services, or disclose certain relevantdata from the account on the third-party provider’s Services with our Services,depending on the nature and purpose of such integration. Note that we do notreceive or store your passwords for any of these third-party Services (but dotypically require your API key in order to integrate with them). If you do notwish your data to be disclosed to such third-party Services(s), please contactyour Account Admin.

Feedback orRecommendations: Ifyou submit a public review or feedback, note that we may (at our discretion)store and present your review publicly, on our Sites and Services. If you wishto remove your public review, please contact us at support@monday.com.If you choose to send others an email or message inviting them to use theServices, we may use the contact information you provide us to automaticallysend such invitation email or message on your behalf. Your name and emailaddress may be included in the invitation email or message.

Community Forum: Our Sites includepublic blogs or forums, such as monday.com Community and Startup for Startup.We also manage and participate in various social channels and communities onother platforms. Any information you submit on these forums, blogs and communities– including profile information associated with the User Profile you use topost the information – may be read, collected, and used by others who accessthese Sites. Due to the nature of such public forums, your posts andcertain profile information may remain visible to all even after you terminateyour User Profile. To request removal of your information from publiclyaccessible Sites operated by us, please contact us as provided in Section 10below and note the Sites from which you would like your information to beremoved. In some cases, we may not be able to remove your information, in whichcase we will let you know if we are unable to and why.

Legal Compliance: In exceptionalcircumstances, we may disclose or allow government and law enforcementofficials access to your personal data, in response to a subpoena, searchwarrant or court order (or similar requirement), or in compliance withapplicable laws and regulations. Such disclosure or access may occur if webelieve in good faith that: (a) we are legally compelled to do so; (b)disclosure is appropriate in connection with efforts to investigate, prevent,or take action regarding actual or suspected illegal activity, fraud, or otherwrongdoing; or (c) such disclosure is required to protect the security orintegrity of our products and Services.

Protecting Rights andSafety: Wemay disclose your personal data to others if we believe in good faith that thiswill help protect the rights, property or safety of monday.com, any of ourUsers or Customers, or any members of the general public.

monday.com Subsidiaries: We disclose personaldata internally within our group of companies, for the purposes described inthis Privacy Policy. In addition, should monday.com or any of its subsidiariesundergo any change in control, including by means of merger, acquisition orpurchase of substantially all of its assets, your personal data may bedisclosed with the parties involved in such an event. If we believe that suchchange in control might materially affect your personal data then stored withus, we will notify you of this event and the choices you may have via email orprominent notice on our Services.

For the avoidance ofdoubt, monday.com may disclose your personal data in additional manners,pursuant to your explicit approval, if we are legally obligated to do so, or ifwe have successfully rendered such data non-personal and anonymous.

For the purposes of theCCPA, in the past twelve (12) months, we may have disclosed Identifiers;Professional or Employment-Related Information; Internet or other ElectronicNetwork Activity Information; Customer Records Information; and GeolocationInformation to the third parties listed above.

5. Cookies and TrackingTechnologies

Our Sites and Services(including some of our Services Providers) utilize “cookies”, anonymousidentifiers, pixels, container tags and other technologies in order for us toprovide and monitor our Services and Sites, to ensure that they performproperly, to analyze our performance and marketing activities, and topersonalize your experience. Such cookies and similar files or tags may also betemporarily placed on your device. Certain cookies and other technologies serveto recall personal data, such as an IP address, as indicated by a Prospect,User or Technology Partner. To learn more about our practices concerningcookies and tracking, please see our CookiePolicy. You may also use the “Cookie settings” feature available inour Services depending on your location and activity on our Services, asapplicable.

Please note that we donot change our practices in response to a “Do Not Track” signal in the HTTPheader from a browser or mobile application, however, most browsers allow youto control cookies, including whether or not to accept them and how to removethem. You may set most browsers to notify you if you receive a cookie, or toblock or remove cookies altogether.

6. Communications

We engage in Servicesand promotional communications, through email, phone, SMS and notifications.

Services Communications: We may contact youwith important information regarding our Services. For example, we may send younotifications (through any of the means available to us) of changes or updatesto our Services, billing issues, log-in attempts or password reset notices,etc. Our Customers, and other Users on the same Account, may also send younotifications, messages and other updates regarding their or your use of theServices. You can control your communications and notifications settings fromyour User Profile settings, or otherwise in accordance with the instructionsthat may be included in the communications sent to you. However, please notethat you will not be able to opt-out of receiving certain Servicescommunications which are integral to your use (like password resets or billingnotices).

PromotionalCommunications: Wemay also notify you about new features, additional offerings, events andspecial opportunities or any other information we think you will find valuable,as our Customer, User, Prospect or Technology Partner. We may provide suchnotices through any of the contact means available to us (e.g. phone, mobile oremail), through the Services, or through our marketing campaigns on any othersites or platforms. If you do not wish to receive such promotionalcommunications, you may notify monday.com at any time by sending an email toprivacy@monday.com, changing your communications preferences in your UserProfile settings, or by following the “unsubscribe”, “stop”, “opt-out” or“change email preferences” instructions contained in the promotional communicationsyou receive.

7. Data Security

In order to protect yourpersonal data held with us, we use industry-standard physical, procedural andtechnical security measures, including encryption as appropriate. However,please be aware that regardless of any security measures used, we cannot and donot guarantee the absolute protection and security of any personal data storedwith us or with any third parties as described in Section 4 above. To learnmore, please visit our Trust Center.

8. Data Subject Rights

If you wish to exerciseyour privacy rights under applicable law (including the EU or UK GDPR, SwissFederal Data Protection Act or the CCPA), such as (each to the extentapplicable to you under the laws which apply to you) – the right toknow/request access to (specific pieces of personal data collected; categoriesof personal data collected; categories of sources from whom the personal datawas collected; purpose of collecting personal data; categories of third partieswith whom we have disclosed personal data), to request rectification or erasureof your personal data held with monday.com, or to restrict or object to suchpersonal data’s processing (including the right to direct us not to sell yourpersonal data to third parties now or in the future), or to obtain a copy orport such personal data, or the right to equal Services and prices (e.g.freedom from discrimination) – please contact us by email at support@monday.com.If you are a GDPR-protected individual, you also have the right to lodge acomplaint with the relevant supervisory authority in the EEA or the UK, asapplicable.

You may designate anauthorized agent, in writing or through a power of attorney, to request toexercise your privacy rights on your behalf. The authorized agent may submit arequest to exercise these rights by emailing us. In such cases, we may request furtherinformation to verify such power of attorney and authorization.

Please note that whenyou ask us to exercise any of your rights under this Privacy Policy orapplicable law, we may instruct you on how to fulfill your requestindependently through your User Profile settings; refer you to your AccountAdmin; or require additional information and documents, including certainpersonal data and credentials in order to process your request in a propermanner (e.g. in order to authenticate and validate your identity so that weknow which data in our systems relates to you, and where necessary, to betterunderstand the nature and scope of your request). Such additional informationwill be then retained by us for legal purposes (e.g. as proof of the identityof the person submitting the request, and of how each request was handled), inaccordance with Section 3 above.

We may redact from thedata which we make available to you, any personal or confidential data relatedto others.

9. DataController/Processor

Certain data protectionlaws and regulations, such as the GDPR or the CCPA, typically distinguishbetween two main roles for parties processing personal data: the “datacontroller” (or under the CCPA, “business”), who determines the purposes andmeans of processing; and the “data processor” (or under the CCPA, “serviceprovider”), who processes such data on behalf of the data controller (orbusiness). Below we explain how these roles apply to our Services, to theextent that such laws and regulations apply.

monday.com Ltd. is the“data controller” of its Prospects’, Users’, Technology Partner’s andCustomers’ personal data, as detailed in Section 1 above. Accordingly, weassume the responsibilities of a data controller (solely to the extentapplicable under law), as set forth in this Privacy Policy.

monday.com is the “dataprocessor” of personal data contained in Customer Data, as submitted by ourCustomers and their Users to their Account’s boards, items and docs. We processsuch data on behalf of our Customer (who is the “data controller” of such data)and in accordance with its reasonable instructions, subject to our Terms,our DataProcessing Addendum (to the extent applicable) and othercommercial agreements with such Customer.

Our Customers are solelyresponsible for determining whether and how they wish to use our Services, andfor ensuring that all individuals using the Services on the Customer’s behalfor at their request, as well as all individuals whose personal data may beincluded in Customer Data processed through the Services, have been providedwith adequate notice and given informed consent to the processing of theirpersonal data, where such consent is necessary or advised, and that all legalrequirements applicable to the collection, use or other processing of datathrough our Services are fully met by the Customer. Our Customers are alsoresponsible for handling data subject rights requests under applicable law, bytheir Users and other individuals whose data they process through the Services.

If you would like tomake any requests or queries regarding personal data we process as a dataprocessor on our Customer’s behalf, including accessing, correcting or deletingyour data, please contact the Customer’s Account Admin directly.

10. Additional Notices

Updates and Amendments: We may update andamend this Privacy Policy from time to time by posting an amended version onour Services. The amended version will be effective as of the date it ispublished. When we make material changes to this Privacy Policy, we will givenotice as appropriate under the circumstances, e.g., by displaying a prominentnotice within the Services or by sending an email. Your continued use of theServices after the changes have been implemented will constitute youracceptance of the changes.

Accessibility: Upon request, thisPrivacy Policy can be read by a screen reader. For more information, pleasecontact accessibility@monday.com.

US State LawRequirements: ThisPrivacy Policy describes the categories of personal information we may collectand the sources of such information (in Section ‎1 above), and ourretention (Section ‎3) anddeletion (Section 8) practices. We also included information about how we mayprocess your information (in Sections ‎1 through ‎7),which includes “business purposes” under the CCPA. We do not sell your personalinformation for the intents and purposes of CCPA. We do share and disclosepersonal data to third parties or allow them to collect personal data from ourServices as described in Sections ‎4 and5 above, if those third parties are authorized Service Providers or businesspartners who have agreed to our contractual limitations as to their retention,use, and disclosure of such personal data, or if you integrate the Services ofthird parties with our Services, or direct us to disclose your personal data tothird parties, or as otherwise described in Section 4 above.

If you have anyquestions or would like to exercise your rights under the CCPA, you cancontact privacy@monday.com.

Third Party Websites andServices: OurServices includes links to third party websites and services, and integrationswith Third Party Services (as defined in the Terms).Such websites, services and Third Party Services, and any information youprocess, submit, transmit or otherwise use with or to such websites, servicesand Third Party Services, are governed by such third party’s terms and privacypractices and policies, and not by this Privacy Policy. We encourage you tocarefully read the terms and privacy policies of such websites, services andThird Party Services.

Our Services are notdirected to children under the age of 16: We do not knowingly collect personal data fromchildren and do not wish to do so. If we learn that a person under the age of16 is using the Services, we will attempt to prohibit and block such use andwill make our best efforts to promptly delete any personal data stored with uswith regard to such child. If you believe that we might have any such data,please contact us by email at privacy@monday.com.

DPO: monday.com hasappointed privacy veteran Aner Rabinovitz as our Data Protection Officer, formonitoring and advising on monday.com’s ongoing privacy compliance and servingas a point of contact on privacy matters for data subjects and supervisoryauthorities. Our DPO may be reached at dpo@monday.com.

EU Representative: VeraSafe has beendesignated as monday.com’s representative in the European Union for dataprotection matters pursuant to Article 27 of the GDPR. VeraSafe may becontacted only on matters related to the processing of personal data of EUresidents. To make such an inquiry, please contact VeraSafe through this contact form.

UK Representative: monday.com UK 2020Ltd. has been designated as monday.com’s representative in the United Kingdomfor data protection matters pursuant to Article 27 of the UK GDPR. monday.comUK 2020 Ltd. may be contacted on matters related to the processing of personaldata of residents of the UK, at privacy@monday.com.

Questions, concerns orgeneral complaints: Ifyou have any comments or questions regarding our privacy policy or practices,or if you have any concerns regarding your personal data held with us, or ifyou wish to make a complaint about how your personal data is being processed bymonday.com, please contact monday.com’s support at support@monday.com,or our Data Protection Officer at dpo@monday.com.