Personal Data. You hereby explicitly and unambiguously consent to the collection, use and transfer, in electronic or other form, of your personal data as described in this Agreement and any other Restricted Stock Unit grant materials by and among, as applicable, your employer (the “Employer”), the Company and its Subsidiaries or Affiliates for the exclusive purpose of implementing, administering and managing your participation in the Plan.

Data Privacy. By entering into this Agreement, the Grantee: # authorizes ​ or any of the NextEra Entities (as defined in section 9(e) hereof), and any agent of ​ or any of the NextEra Entities administering the Plan or providing Plan recordkeeping services, to disclose to ​ or any of the NextEra Entities such information and data as ​ or any such NextEra Entities shall reasonably request in order to facilitate the administration of this Agreement; and # authorizes ​ or any of the NextEra Entities to store and transmit such information in electronic form, provided such information is appropriately safeguarded in accordance with Company policy.

Data Privacy. The Participant hereby authorizes their actual employer (the “Employer”) to furnish the Corporation (and any agent of the Corporation administering the Plan or providing Plan recordkeeping services) with such information and data as it shall request in order to facilitate the grant of Awards and administration of the Plan and the Participant waives any data privacy rights such Participant might otherwise have with respect to such information. The Controller of personal data processing is Kimberly-Clark Corporation with registered offices at 351 Phelps Drive, Irving, Texas 75038, United States of America.

Data Retention. The Corporation will use the Participant’s personal data only as long as is necessary to implement, administer and manage his or her participation in the Plan or as required to comply with legal or regulatory obligations, including under tax and security laws. This period may extend until the Participant’s employment or service with the Corporation is terminated, plus any additional time periods necessary for compliance with law, exercise or defense of legal rights, and archiving, back-up and deletion processes.

"Existing Royalty" means a 2% net smelter returns royalty on the leased patented claims that comprise a portion of the Mineral Rights granted to Christian W. Bramwell pursuant to a mining lease and option to purchase dated June 2, 2005 and made between Bramwell and Maximus Ventures Ltd. ("Maximus"), as assigned by Maximus to Walker Lane Gold LLC ("Walker") pursuant to an assignment and assumption agreement dated March 18, 2006 and further assigned by Walker to Timberwolf Minerals Ltd. ("Timberwolf") pursuant to an assignment and assumption agreement dated February 12, 2008, and further assigned by Timberwolf to ISC Copper Systems Ltd. pursuant to an assignment and assumption agreement dated August 29 2010;

Personal Data and Security. Unless Supplier receives consent directly from the End User, Supplier will not and will not permit any of its Affiliates to use information about End Users provided by Expedia to directly or indirectly, identify or engage in any solicited or unsolicited marketing, promotional, or similar communications. The Supplier shall: # when processing Personal Data, comply with applicable Data Protection Legislation and not, by act or omission, place Expedia in violation of any applicable Data Protection Legislation; # process Personal Data only for the purposes of providing the Services under this Agreement or otherwise on the written instruction of Expedia; # ensure appropriate operational and technical measures are in place to safeguard the Personal Data against any unauthorized access, loss, destruction, theft, use or disclosure; # ensure that any third party vendor or service provider that is engaged by Supplier to process the Personal Data on Expedia’s behalf has entered into a written contract that contains data protection provisions substantially similar to these in this Agreement; # promptly notify Expedia if it becomes aware of any unauthorized or unlawful processing or breaches of security relating to the Personal Data; # in relation to the transfer of Personal Data, not process Personal Data relating to EU Travelers outside of the European Economic Area (“Data Transfer”), except where the transfer is necessary for the conclusion or performance of a contract concluded in the interest of Expedia or the End User, is required by law and/or in relation to the transfer of Personal Data to Supplier’s group companies for the sole purpose of providing services to Expedia or End Users under this Agreement; and # in relation to Data Transfer outside of the European Economic Area, shall ensure that any transfer of Personal Data relating to EU Travelers outside the European Economic Area is adequately protected as required Data Protection Legislation applicable in jurisdictions where Decolar operates. The Supplier warrants, represents and undertakes that any data it receives and/or has access to under or in relation to this Agreement, that it shall use such data in accordance with this [Section E.5.c], and only as strictly necessary to fulfill each Standalone or Package Booking and not for any other purpose.

Proposed or new legislation and regulations could also significantly affect our business. There currently are a number of proposals pending before federal, state, and foreign legislative and regulatory bodies. In addition, the European Commission has approved a data protection regulation, known as the General Data Protection Regulation (GDPR), which has been finalized and is due to come into force in or around May 2018. The GDPR will include operational requirements for companies that receive or process personal data of residents of the European Union that are different than those currently in place in the European Union, and that will include significant penalties for non-compliance. Similarly, there are several legislative proposals in the United States, at both the federal and state level, that could impose new obligations in areas affecting our business, such as liability for copyright infringement by third parties. In addition, some countries are considering or have passed legislation implementing data protection requirements or requiring local storage and processing of data or similar requirements that could increase the cost and complexity of delivering our services.

processing, recording, distribution, transfer, transmission, receipt, import, export, protection, safeguarding, access, disposal or disclosure or other activity regarding data (whether electronically or in any other form or medium).

We may have to share your personal data with third parties, including third-party service providers and with other companies that are in the same corporate group as us (e.g. our holding company and our subsidiaries, and subsidiaries of our holding company). We require third parties to respect the security of your personal data and to treat it in accordance with applicable data protection law.

“Trade Secrets” means any information or data meeting the definition for such term under either the North Carolina Trade Secrets Protection Act or the federal Defend Trade Secrets Act of 2016.