Business Associate Agreement

While Commvault does not have visibility into the nature of Customer Data due to encryption, we understand our Customers may be subject to the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act Title XIII of the American Recovery and Reinvestment Act, 2009 and regulations promulgated thereunder from time to time (“HIPAA”). To the extent Customer chooses to backup protected health information (“PHI”) within the SaaS Solution, this Business Associate Agreement (the “BAA”) forms part of the Master Terms and Conditions, or other agreement between Commvault and Customer for the purchase of Commvault’s products and services. Any terms not defined have the same definition ascribed to them in the Master Terms and Conditions orHIPAA. Customer enters into this BAA as the Covered Entity. To execute this BAA, Customer should complete Customer’s information and return the fully executed BAA to contracts@commvault.com.