Privacy. The Company is, and has at all times been, in material compliance with # all applicable Laws regarding the protection, storage, use and disclosure of Personal Data, # the privacy policies and other Contracts (or portions thereof) in effect between the Company and users of the Company Products, and # Contracts (or portions thereof) between the Company and vendors, marketing affiliates, and other business partners, in each case in clauses (ii) and (iii), that are applicable to the use and disclosure of Personal Data (such policies and Contracts being hereinafter referred to as “Privacy Agreements”). The Company has confidentiality agreements in place with all vendors or other Persons whose relationship with the Company involves the collection, use, disclosure, storage, or processing of Personal Data on behalf of the Company, which agreements require such Persons to protect such Personal Data in a manner consistent with the Company’s obligations in the Privacy Agreements. No Person has made any illegal or unauthorized use of Personal Data that was collected by or on behalf of the Company and is in the possession or control of the Company.

Data Privacy. By entering into this Agreement, the Grantee: # authorizes the Company or any of the NextEra Entities, and any agent of the Company or any of the NextEra Entities administering the Plan or providing Plan recordkeeping services, to disclose to the Company or any of the NextEra Entities such information and data as the Company or any such NextEra Entities shall reasonably request in order to facilitate the administration of this Agreement; and # authorizes the Company or any of the NextEra Entities to store and transmit such information in electronic form, provided such information is appropriately safeguarded in accordance with Company policy.

Data Privacy. The Participant hereby authorizes their actual employer (the “Employer”) to furnish the Corporation (and any agent of the Corporation administering the Plan or providing Plan recordkeeping services) with such information and data as it shall request in order to facilitate the grant of Awards and administration of the Plan and the Participant waives any data privacy rights such Participant might otherwise have with respect to such information. The Controller of personal data processing is Kimberly-Clark Corporation with registered offices at 351 Phelps Drive, Irving, Texas 75038, United States of America.

Data Privacy. You understand that the Company and the Company subsidiary for which you work may hold certain personal information about you, including, but not limited to, your name, home address and telephone number, date of birth, social insurance number or other identification number, any Shares or directorships held in the Company, details of all PBRSUs. By accepting the PBRSUs, you explicitly and unambiguously consent to the collection, use, transfer, holding, storage and disclosure in electronic or other form, of your personal data as described in this Agreement and any other Award grant materials (“Data”) by and among, as applicable, the Company, its subsidiaries and Affiliates (collectively referred to in this Data Privacy section as the “Company”) and certain third party service providers including, but not limited to, Plan brokers, financial advisers and legal counsel, engaged by the Company (collectively, the “Providers”) for the purpose of implementing, administering and managing the Plan and complying with applicable laws, regulations and legislation. You understand that the Data which may be collected, used, transferred, held, stored or disclosed by the Company and the Providers consists of certain Data about you, including, but not limited to, your name, home address, telephone number, date of birth, social insurance number or other government identification number, salary, nationality, job title, any Shares or directorships held in the Company, details of all PBRSUs or any other entitlement to Shares awarded, canceled, exercised, vested, unvested or outstanding in your favor. The Data may also include information relating to your health (for example, where your employment terminates due to death or Disability). You further understand that such collection, use, transfer, holding, storage or disclosure of the Data may be necessary for the purpose of implementing, administering and managing the Plan and complying with applicable laws, regulations and legislation. You understand that the Company or the Providers may be located in the United States or elsewhere, and that the laws of the country in which the Company and the Providers collect, use, transfer, hold, store or disclose the Data may have different legal protections for the Data than your country. However, regardless of the location of the Data, the Company protects the Data through reasonable physical, technical and administrative safeguards and requires that the Providers also have such safeguards in place. You understand that you may, at any time, request a copy of your Data, request additional information about the storage and processing of Data, require any necessary amendments to Data or refuse or withdraw the consents herein, in any case without cost, by contacting your local human resources representative in writing. You understand that refusing or withdrawing your consent may affect your ability to participate in the Plan as more fully described below. You understand that you are providing the consent herein on a purely voluntary basis. If you do not consent, or if you later seek to revoke your consent, your employment status or service and career with your employer will not be adversely affected; the only adverse consequence of refusing or withdrawing your consent is that the Company would not be able to grant PBRSUs or other equity awards or administer or maintain such awards. Therefore, you understand that refusing or withdrawing your consent may affect your ability to participate in the Plan. For more information on the consequences of your refusal to consent or withdrawal of consent, you understand that you may contact your local human resources representative.

Data Privacy. By accepting the RSUs, you explicitly and unambiguously consent to the collection, use, transfer, holding, storage and disclosure in electronic or other form, of your personal data as described in this Agreement and any other Award grant materials (“Data”) by and among, as applicable, the Company and its subsidiaries and Affiliates (collectively referred to in this Data Privacy section as the “Company”) and certain third party service providers including, but not limited to, Plan brokers, financial advisers and legal counsel, engaged by the Company (collectively, the “Providers”) for the purpose of implementing, administering and managing the Plan and complying with applicable laws, regulations and legislation.

Data Privacy. The Participant hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of the Participant’s personal data as described in the Award Agreement and any other grant materials by and among, as applicable, the Company, the Employer and any other Subsidiary for the exclusive purpose of implementing, administering and managing the Participant’s participation in the Plan.

Privacy and Cybersecurity. The Company Group are presently in compliance with all # applicable laws, statutes, regulations, rules, guidelines, standards, judgments, and orders of any Governmental Entity related to data privacy, data protection, or data security (collectively, “Privacy Laws”), # the internal and publicly facing written privacy policies of the Company Group, # third party privacy or data security obligations that the Company Group have been or are contractually obligated to comply with, # any rules of any applicable self-regulatory organizations in which the Company Group are or have been a member or are or have been contractually obligated to comply with, and # consents or other authorizations obtained by the Company Group that are related to privacy, security, data protection or the processing of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular individual or is otherwise is subject to any applicable Privacy Laws (collectively, “Privacy Obligations”), except for such non-compliance that would not, individually or in the aggregate, reasonably be expected to be material to the Company Group, considered as one enterprise. Except as would not, individually or in the aggregate, reasonably be expected to be material to the Company Group, considered as one enterprise, # there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to any of the Company Group’s information technology and computer systems, networks, hardware, software, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company Group, and any such data processed or stored by third parties on behalf of the Company Group), equipment or technology (collectively, “IT Systems and Data”), # no member of the Company Group has been notified of, and each of them have no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems and Data and # the Company Group have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable Privacy Obligations.

Data Privacy Consent. By electing to participate in the Plan via the Company’s online acceptance procedure, Participant is declaring that Participant agrees with the data processing practices described herein and consent to the collection, processing and use of Personal Data (as defined below) by the Company and the transfer of Personal Data to the recipients mentioned herein, including recipients located in countries which do not adduce an adequate level of protection from a European (or other) data protection law perspective, for the purposes described herein.

Expedia Privacy Policy. Expedia shall maintain privacy policies that govern the collection, treatment use and disclosure of Customer Personal Data from End Users of the Expedia Platform and any Expedia Travel Solution (the “Expedia Privacy Policies”) in connection with all collection, treatment, use, disclosure and retention of any Customer Personal Data, and shall ensure that it permits to share Customer Personal Data with Decolar and its Affiliates for the purpose of fulfilling its obligations hereunder with respect to procuring travel reservations or providing other services or functions on behalf of End Users or for Decolar on behalf of End Users, except as otherwise restricted by applicable law. Expedia shall ensure that it and its Controlled Affiliates have complied and at all times are in compliance with all applicable Laws, as well as any of its own applicable privacy policies, with respect to any Customer Personal Data. Expedia shall take all reasonable steps to ensure that all End Users have agreed or consented to or are otherwise subject to appropriate data privacy policies which permit the transfer and retention of the Customer Personal Data of such End Users by Expedia to Decolar.

As a condition of the Grant, the Employee consents to the collection, use and transfer of the Employee’s personal data as described in this Section 9. The Employee understands that the Company and its subsidiaries hold certain personal information about the Employee, including the Employee’s name, home address and telephone number, date of birth, social insurance (or security) number or identification number, salary, nationality, job title, any shares of Stock or directorships held in the Company (or any of its subsidiaries), details of all options or any other entitlement to shares of Stock awarded, canceled, exercised, vested, unvested or outstanding in the Employee’s favor, for the purpose of implementing, managing and administering the Plan (“Data”). The Employee further understands that the Company and/or a subsidiary may transfer Data amongst themselves as necessary for the purpose of implementation, administration and management of the Employee’s participation in the Plan, and that the Company and/or a subsidiary may each further transfer Data to any third parties assisting the Company in the implementation, administration and management of the Plan. The Employee understands that these recipients may be located in the European Economic Area, or elsewhere, such as the United States or Canada, and that the recipient’s country may have different data privacy laws and protections than the Employee’s country. The Employee authorizes them to receive, possess, use, retain and transfer the Data, in electronic or other form, for the purposes of implementing, administering and managing the Employee’s participation in the Plan, including any requisite transfer of such Data to a broker or other third party with whom the Employee may elect to deposit any shares of Common Stock acquired pursuant to the Plan as may be required for the administration of the Plan and/or the subsequent holding of shares of Common Stock on the Employee’s behalf. The Employee understands that Data will be held only as long as is necessary to implement, administer and manage the Employee’s participation in the Plan. The Employee understands that the Employee may, at any time, view Data, request additional information about the storage and processing of Data, require any necessary amendments to it or refuse or withdraw the consents herein, in any case without cost, by contacting in writing the Employee’s local Human Resources representative. Refusal or withdrawal of consent may, however, affect the Employee’s ability to exercise or realize benefits from the Grant or the Plan. For more information on the consequences of the Employee’s refusal to consent or withdrawal of consent, the Employee understands that the Employee may contact the Employee’s local Human Resources representative.