Data Privacy Consent. In order to administer the Plan and this Agreement and to implement or structure future equity grants, the Company, its subsidiaries and affiliates and certain agents thereof (together, the “Relevant Companies”) may process any and all personal or professional data, including but not limited to Social Security or other identification number, home address and telephone number, date of birth and other information that is necessary or desirable for the administration of the Plan and/or this Agreement (the “Relevant Information”). By entering into this Agreement, the Optionee # authorizes the Company to collect, process, register and transfer to the Relevant Companies all Relevant Information; # waives any privacy rights the Optionee may have with respect to the Relevant Information; # authorizes the Relevant Companies to store and transmit such information in electronic form; and # authorizes the transfer of the Relevant Information to any jurisdiction in which the Relevant Companies consider appropriate. The Optionee shall have access to, and the right to change, the Relevant Information. Relevant Information will only be used in accordance with applicable law.

The Employee hereby explicitly and unambiguously consents to the collection, use and transfer, in electronic or other form, of the Employee’s personal data as described in this Grant Agreement and any other materials by and among, as applicable, the Company, its Subsidiaries or Affiliates, and the Employer for the exclusive purpose of implementing, administering and managing the Employee’s participation in the Plan.

Data Privacy Consent. By electing to participate in the Plan via the Company’s online acceptance procedure, Participant is declaring that Participant agrees with the data processing practices described herein and consent to the collection, processing and use of Personal Data (as defined below) by the Company and the transfer of Personal Data to the recipients mentioned herein, including recipients located in countries which do not adduce an adequate level of protection from a European (or other) data protection law perspective, for the purposes described herein.

Data Privacy Consent. By accepting this grant, you hereby unconditionally consent to the collection, use and transfer, in electronic or other form, of your personal data as described in this document by and among, as applicable, your employing entity (the “Employer”) and the Corporation and the Corporation Group for the exclusive purpose of implementing, administering and managing any awards issued to you under the Plan. You understand that the Corporation and your Employer may hold certain personal information about you, including, but not limited to, your name, home address, email address, telephone number, date of birth, social insurance number or other identification number, salary, nationality, job title, details of all RSUs or any other entitlement to shares of stock awarded, canceled, vested, unvested or outstanding in your favor (“Data”), for the purpose of implementing, administering and managing any grants issued to you under the Plan. You understand that Data may be transferred to any third parties, as may be selected by the Corporation, which are assisting in the implementation, administration and management of the Plan and the fulfillment of this Agreement. You understand that the recipients of the Data may be located in the United States or elsewhere, and that the recipients’ country may have different data privacy laws and protections from your country. You understand that if you reside outside of the United States, you may request a list with the names and addresses of any potential recipients of the Data by contacting your local human resources representative. You authorize the recipients, which may assist the Corporation (presently or in the future) with implementing, administering and managing the Plan to receive, possess, use, retain and transfer the Data, in electronic or other form, for the purposes of implementing, administering and managing grants under the Plan and the fulfillment of this Agreement. You understand the Data will be held only as long as is necessary to implement, administer and manage grants under the Plan and this Agreement. You understand that if you reside outside of the United States, you may, at any time, view Data, request information about the storage and processing of Data, require any necessary amendments to Data or refuse or withdraw the consents herein, in any case without cost, by contacting in writing your human resources representative. Further, you understand that your consent herein is being provided on a purely voluntary basis. If you do not consent, or if you later seek to revoke your consent, your Employment status or Service will not be affected; the only consequence of refusing or withdrawing your consent is that the Corporation may not be able to grant RSUs or other equity awards to you or administer or maintain such awards. Therefore, you understand that refusing or withdrawing your consent may affect your ability to participate in the Plan. For more information on the consequences of your refusal to consent or withdrawal of consent, you understand that you may contact your local human resources representative.

Privacy and Cybersecurity. The Company Group are presently in compliance with all # applicable laws, statutes, regulations, rules, guidelines, standards, judgments, and orders of any Governmental Entity related to data privacy, data protection, or data security (collectively, “Privacy Laws”), # the internal and publicly facing written privacy policies of the Company Group, # third party privacy or data security obligations that the Company Group have been or are contractually obligated to comply with, # any rules of any applicable self-regulatory organizations in which the Company Group are or have been a member or are or have been contractually obligated to comply with, and # consents or other authorizations obtained by the Company Group that are related to privacy, security, data protection or the processing of information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to a particular individual or is otherwise is subject to any applicable Privacy Laws (collectively, “Privacy Obligations”), except for such non-compliance that would not, individually or in the aggregate, reasonably be expected to be material to the Company Group, considered as one enterprise. Except as would not, individually or in the aggregate, reasonably be expected to be material to the Company Group, considered as one enterprise, # there has been no security breach or incident, unauthorized access or disclosure, or other compromise of or relating to any of the Company Group’s information technology and computer systems, networks, hardware, software, data and databases (including the data and information of their respective customers, employees, suppliers, vendors and any third party data maintained, processed or stored by the Company Group, and any such data processed or stored by third parties on behalf of the Company Group), equipment or technology (collectively, “IT Systems and Data”), # no member of the Company Group has been notified of, and each of them have no knowledge of any event or condition that could result in, any security breach or incident, unauthorized access or disclosure or other compromise to their IT Systems and Data and # the Company Group have implemented appropriate controls, policies, procedures, and technological safeguards to maintain and protect the integrity, continuous operation, redundancy and security of their IT Systems and Data reasonably consistent with industry standards and practices, or as required by applicable Privacy Obligations.

Expedia Privacy Policy. Expedia shall maintain privacy policies that govern the collection, treatment use and disclosure of Customer Personal Data from End Users of the Expedia Platform and any Expedia Travel Solution (the “Expedia Privacy Policies”) in connection with all collection, treatment, use, disclosure and retention of any Customer Personal Data, and shall ensure that it permits to share Customer Personal Data with Decolar and its Affiliates for the purpose of fulfilling its obligations hereunder with respect to procuring travel reservations or providing other services or functions on behalf of End Users or for Decolar on behalf of End Users, except as otherwise restricted by applicable law. Expedia shall ensure that it and its Controlled Affiliates have complied and at all times are in compliance with all applicable Laws, as well as any of its own applicable privacy policies, with respect to any Customer Personal Data. Expedia shall take all reasonable steps to ensure that all End Users have agreed or consented to or are otherwise subject to appropriate data privacy policies which permit the transfer and retention of the Customer Personal Data of such End Users by Expedia to Decolar.

Data Privacy Notice

Data Privacy. This section replaces [Section 16] of the Agreement:

Data Privacy. The following provision supplements Section 16 of the Award:

subject to [Section 10.2.1(b)], changes to the Program Privacy Policy;