ENTERPRISE CONTRACT FOR AWS MARKETPLACE 1. Scope. 1.1 Terms and Conditions. This Enterprise Contract for AWS Marketplace (the “Enterprise Contract”) sets forth the terms and conditions applicable to the licensing of Software, whether deployed via AMI or SaaS, and the provision of Support Services by the Party offering the Software as a Enterprise Contract Listing (“Seller”) to the Party subscribing to the Software (“Buyer”) through the AWS Marketplace. Seller’s offer of the Software as a Enterprise Contract Listing on the AWS Marketplace, and Buyer’s purchase of the corresponding Subscription on the AWS Marketplace, constitutes each Party’s respective acceptance of this Enterprise Contract and their entry into this Agreement (defined below) with respect to the Subscription. Unless defined elsewhere in this Enterprise Contract, terms in initial capital letters have the meanings set forth in Section 14. Buyer and Seller may be referred to collectively as the “Parties” or individually as a “Party”. 1.2 Software Subscription. Seller will supply and sell to Buyer, and Buyer will license and purchase, respectively, a Subscription to the Licensed Materials and Services as set forth in the Enterprise Contract Listing in accordance with this Agreement. A Subscription, as described in the applicable Enterprise Contract Listing, may be for Software deployed via AMI (“AMI Software”) or Software deployed via SaaS (“SaaS Software”). Software may be targeted for specific geographic regions, and Support Services may vary by geography. A Subscription may be provided on a Metered Pricing, Entitlement Pricing or other basis through the functionality available through AWS Services. The fee or rate for the Subscription is set forth in the applicable Enterprise Contract Listing. For Subscriptions provided on a Metered Pricing basis, upon request by Buyer, Seller will provide sufficient documentation from its books and records to allow Buyer to verify the metered usage charged to Buyer for the Subscription. 1.3 Taxes. Each Party will be responsible, as required under applicable Law, for identifying and paying all taxes and other governmental fees and charges (and any penalties, interest and other additions thereto) that are imposed on that Party upon or with respect to the transactions and payments under this Agreement. Applicable taxes and duties may be due in addition to the fees or rates payable by Buyer. Seller may charge and Buyer will pay, where applicable, national, state or local sales or use taxes, or value added or goods and services tax, or withholding or other taxes (“Taxes”). Where required by local legislation, Amazon Web Services, Inc. may charge for Taxes in its own name for Subscriptions made by Buyers on the AWS Marketplace, and Buyer will pay such Taxes. Buyer will receive a compliant tax invoice, where required. Seller will be responsible for all other taxes or fees arising (including interest and penalties) from transactions and the documentation of transactions under this Agreement. Upon request, Buyer will provide such information to Seller as reasonably required to determine whether Seller is obligated to collect Taxes from Buyer. Seller will not collect (or will refund to Buyer), and Buyer will not be obligated to pay (or will be entitled to a refund from Seller), any such Tax or duty for which Buyer furnishes Seller a properly completed exemption certificate or a direct payment permit certificate or for which Seller claims an available exemption from Tax. Seller will provide Buyer with any forms, documents or certifications as may be required for Buyer to satisfy any information reporting or withholding tax obligations with respect to any payments under this Agreement. 1.4 Agreement. Each Subscription is subject to and governed by this Enterprise Contract, the applicable Enterprise Contract Listing, the terms and conditions of the NDA (if any), and the Privacy and Security Terms (if any) and any amendments to any of the foregoing as may be agreed upon by the Parties, which together constitute the agreement between Buyer and Seller (the “Agreement”). Each Subscription is a separate agreement between Buyer and Seller. In the event of any conflict between the terms and conditions of the various components of this Agreement, the following order of precedence will apply: (1) any amendment agreed upon by the parties, (2) the Privacy and Security Terms (if any), (3) the NDA (if any), (3) this Enterprise Contract, (4) and the Enterprise Contract Listing. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 1 of 19 2. Licenses. 2.1 Licensed Materials. 2.1.1 If the Subscription is for AMI Software, Seller hereby grants to Buyer, subject to Section 2.1.3, a nonexclusive, worldwide (subject to Section 13.6), nontransferable (except in connection with an assignment permitted under Section 13.2 or a divestiture permitted under Section 13.3), non-terminable (except as provided in Section 11) license under all Proprietary Rights in and to the AMI Software and AMI Image, to deploy, operate and use the AMI Software and AMI Image under Buyer’s own AWS Services account on AWS Services infrastructure in accordance with the applicable Enterprise Contract Listing and to allow its Users to access and use the AMI Software and AMI Image as so deployed. 2.1.2 If the Subscription is for SaaS Software, Seller hereby grants to Buyer, subject to Section 2.1.3, a nonexclusive, worldwide (subject to Section 13.6), nontransferable (except in connection with an assignment permitted under Section 13.2 or a divestiture permitted under Section 13.3), non-terminable (except as provided in Section 11) license under all Proprietary Rights in and to the SaaS Software and SaaS Service, to access, receive and use the SaaS Software and SaaS Service in accordance with the applicable Enterprise Contract Listing and to allow its Users to access, receive and use the SaaS Software and SaaS Service. 2.1.3 Buyer may use the Software and, as applicable, the AMI Image or SaaS Service, only: in support of the internal operations of Buyer’s and its Affiliates’ business(es) or organization(s), in connection with Buyer’s and its Affiliates’ products and services (but, for clarity, not as a stand-alone product or service of Buyer or its Affiliates), and in connection with Buyer’s and its Affiliate’s interactions with Users. 2.1.4 Buyer may make a reasonable number of copies of the Documentation as necessary to use such Software, and as applicable the AMI Image, in accordance with the rights granted under this Agreement, provided that Buyer includes all proprietary legends and other notices on all copies. Seller retains all rights not expressly granted to Buyer under this Agreement. 2.2 Affiliates and Contractors. With respect to Affiliates and Contractors that Buyer allows to use the Licensed Materials: (a) Buyer remains primarily responsible for all obligations hereunder arising in connection with such Affiliate’s or Contractor’s use of the Licensed Materials; and (b) Buyer agrees to be directly liable for any act or omission by such Affiliate or Contractor to the same degree as if the act or omission were performed by Buyer such that a breach by an Affiliate or a Contractor of the provisions of this Agreement will be deemed to be a breach by Buyer. The performance of any act or omission under this Agreement by an Affiliate or a Contractor for, by or through Buyer will be deemed the act or omission of Buyer. 2.3 Restrictions. Except as specifically provided in this Agreement, Buyer and any other User of any Licensed Materials, in whole or in part, may not: (a) copy the Licensed Materials, in whole or in part; (b) distribute copies of Licensed Materials, in whole or in part, to any third party; (c) modify, adapt, translate, make alterations to or make derivative works based on Licensed Materials or any part thereof; (d) except as permitted by Law, decompile, reverse engineer, disassemble or otherwise attempt to derive source code from the Software; (e) use, rent, loan, sub-license, lease, distribute or attempt to grant other rights to any part of the Licensed Materials to third parties; (f) use the Licensed Materials to act as a consultant, service bureau or application service provider; or (g) permit access of any kind to the Licensed Materials to any third party. 2.4 Open Source Software. Subject to the requirements of Section 6.1(d), Software may contain or be provided with components that are subject to the terms and conditions of “open source” software licenses (“Open Source Software”). Open Source Software must be identified as such in the Enterprise Contract Listing or Documentation. To the extent required by the license to which the Open Source Software is subject, the terms of such license will apply in lieu of the terms of this Agreement with respect to such Open Source Software, including without limitation, any provisions governing attribution, access to source code, modification and reverse-engineering. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 2 of 19 2.5 No Additional Terms. No shrink-wrap, click-acceptance or other terms and conditions outside this Agreement provided with any Licensed Materials or any part thereof (“Additional Terms”) will be binding on Buyer or its Users, even if use of the Licensed Materials, or any part thereof, requires an affirmative “acceptance” of such Additional Terms before access to or use of the Licensed Materials, or any part thereof, is permitted. All such Additional Terms will be of no force or effect and will be deemed rejected by Buyer in their entirety. For clarity, the Software, Subscription type (AMI or SaaS), fee structure (Entitlement Pricing or Metered Pricing), technical requirements for use of the Software, Support Services and Seller’s Security Policy set forth or referenced in the Enterprise Contract Listing are not Additional Terms subject to this Section. 2.6 High-Risk Activities. The Software is not developed or intended for use in high-risk, hazardous environments requiring fail-safe performance, including without limitation in the operation of nuclear facilities, aircraft navigation or control systems, air traffic control, or weapons systems, or any other application in which the failure of the Software could lead to severe physical or environmental damages (“High Risk Activities”). Buyer will not use the Software for High Risk Activities. 3. Services. 3.1 SaaS Service. If Buyer is purchasing a SaaS Subscription, Seller will provide the SaaS Service to Buyer in accordance with the Enterprise Contract Listing promptly following purchase of the Subscription and continuing until completion of the Subscription. Seller will provide Buyer all license keys, access credentials and passwords necessary for access and use of the Software and SaaS Service (“Keys”) as set forth in the Enterprise Contract Listing. 3.2 Support Services. Seller will provide sufficient Documentation to allow a reasonably competent user to access and use the Software. Seller will provide Support Services to Buyer in accordance with the support plan set forth or incorporated into the Enterprise Contract Listing. 4. Review. For any Subscription with Entitlement Pricing (a) that is $100,000 or more or (b) that has a Subscription period of one year or more, but (c) excluding any Subscription that is a renewal of an expiring Subscription or that merely increases the quantity of Buyer’s then-current use of such Software (e.g., additional hosts, CPU capacity, users or other metric) under an existing Subscription to such Software of the same deployment (i.e., AMI or SaaS) whether on a trial, free or paid basis, then this Section 4 will apply. 4.1 Review Period. For a period of 45 days from purchase of the Subscription (“Review Period”), Buyer may review, test, and evaluate the Software to determine whether the Software conforms, in all material respects, to the Software Documentation in effect when the Subscription is purchased. During the Review Period, and at no additional cost to Buyer, Seller will be available to provide consultation related to technical support of the Licensed Materials and, as applicable, the SaaS Service as reasonably requested by Buyer; however, Buyer is responsible for any testing during the Review Period, and such consultation does not entitle Buyer to implementation or configuration services from Seller. 4.2 Acceptance. The Software will be deemed accepted upon conclusion of the Review Period unless Buyer has notified Seller in writing of the Software’s nonconformity, in any material respect, with its Documentation during the Review Period. Buyer’s acceptance of the Software does not waive or discharge any of Seller’s responsibilities for the Software’s compliance with the warranties set forth in this Agreement, or any of Buyer’s rights and remedies or Seller’s duties and obligations with respect thereto. 4.3 Nonconformities. If Buyer notifies Seller within the Review Period of any nonconformity of the Software, in any material respect, with its Documentation, then Seller will have a 30 day period to fix the Software to comply with its Documentation in all material respects and resubmit the Software to Buyer for review, in which case the Review Period will recommence in its entirety. If the resubmitted Software does not comply with the Documentation in all material respects, then Buyer may reject the Software, cancel the Subscription without further liability and require Seller to promptly and fully refund Buyer’s payment for the Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 3 of 19 cancelled Subscription. The right to cure and cure periods in Section 11 will not apply to any such termination. 5. Proprietary Rights. 5.1 Licensed Materials. Subject to the licenses granted herein, Seller will retain all right, title and interest it may have in and to the Licensed Materials, including all Proprietary Rights therein. Nothing in this Agreement will be construed or interpreted as granting to Buyer any rights of ownership or any other proprietary rights in or to the Licensed Materials. 5.2 Feedback. If Buyer provides any suggestions, ideas, enhancement requests, recommendations or feedback regarding the Licensed Materials or Support Services (“Feedback”), Seller may use and incorporate Feedback in Seller’s products and services. Buyer will have no obligation to provide Feedback, and all Feedback is provided by Buyer “as is” and without warranty of any kind. 6. Warranties. 6.1 Licensed Materials. Seller represents and warrants that: (a) the Software, and as applicable the AMI Image or SaaS Service, will conform, in all material respects, to the Documentation, in the case of SaaS Software for the term of the Subscription and, in the case of AMI Software, until 90 days after conclusion of the Review Period (if any) and if there is no Review Period then until 90 days after Buyer’s purchase of the Subscription; (b) AMI Software will not contain any automatic shut-down, lockout, “time bomb” or similar mechanisms that could interfere with Buyer’s exercise of its rights under this Agreement; (c) Seller will use industry standard practices designed to detect and protect the Software against any viruses, “Trojan horses”, “worms”, spyware, adware or other harmful code designed or used for unauthorized access to or use, disclosure, modification or destruction of information within the Software or interference with or harm to the operation of the Software or any systems, networks or data, including as applicable using anti-malware software and keeping the anti-malware software up to date prior to making the Software (including any Software provided through Support Services) available to Buyer, and for SaaS Software, scanning the SaaS Software on a regular basis; (d) the Software, and Buyer’s use thereof as permitted under this Agreement, will not be subject to any license or other terms that require that any Buyer Data, Buyer Materials or any software, documentation, information or other materials integrated, networked or used by Buyer with the Software, in whole or in part, be disclosed or distributed in source code form, be licensed for the purpose of making derivative works, or be redistributable at no charge; and (e) the Software, and as applicable the AMI Image or SaaS Service, will conform, to the extent applicable, with then-current Web Content Accessibility Guidelines (WCAG) and any other applicable Laws. 6.2 Services. Seller represents and warrants that the Services will be performed in a professional manner with a level of care, skill and diligence performed by experienced and knowledgeable professionals in the performance of similar services. 6.3 Remedies. If any Software or Services fails to conform to the foregoing warranties, Seller promptly will, at its option and expense, correct the Software and re-perform the Services as necessary to conform to the warranties. If Seller does not correct the Software or re-perform the Services to conform to the warranties within a reasonable time, not to exceed 30 days, as Buyer’s sole remedy and Seller’s exclusive liability (except as provided in Section 10), Buyer may terminate the Subscription and this Agreement and receive a refund of any prepaid fees prorated for the unused portion of the Subscription and the portion of the Subscription’s noncompliance, as measured from the time Buyer reports the noncompliance to Seller through Seller’s support channel. 6.4 Warranty Exclusions. Seller will have no liability or obligation with respect to any warranty to the extent attributable to any: (a) use of the Software by Buyer in violation of this Agreement or applicable Law; (b) unauthorized modifications to the Licensed Materials made by Buyer or its Personnel; (c) use of the Software in combination with third-party equipment or software not provided or made accessible by Seller or contemplated by the Enterprise Contract Listing or Documentation; or (d) use by Buyer of Software in conflict Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 4 of 19 with the Documentation, to the extent that such nonconformity would not have occurred absent such use or modification by Buyer. 6.5 Compliance with Laws. Each Party represents and warrants that it will comply with all applicable international, national, state and local laws, ordinances, rules, regulations and orders, as amended from time to time (“Laws”) applicable to such Party in its performance under this Agreement. 6.6 Power and Authority. Each Party represents and warrants that: (a) it has full power and authority to enter in and perform this Agreement and that the execution and delivery of this Agreement has been duly authorized; and (b) this Agreement and such Party’s performance hereunder will not breach any other agreement to which the Party is a party or is bound or violate any obligation owed by such Party to any third party. 6.7 Disclaimer. EXCEPT FOR THE WARRANTIES SPECIFIED IN THIS AGREEMENT, NEITHER PARTY MAKES ANY WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE LICENSED MATERIALS, SERVICES, BUYER MATERIALS AND BUYER DATA, AND EACH PARTY HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. Seller does not warrant: (a) that the Licensed Materials will meet Buyer’s requirements; or (b) that the operation of the Software will be uninterrupted or error free. 7. Confidentiality. 7.1 Confidential Information. “Confidential Information” means any nonpublic information directly or indirectly disclosed by either Party (the “Disclosing Party”) to the other Party (the “Receiving Party”) or accessible to the Receiving Party pursuant to this Agreement that is designated as confidential or that, given the nature of the information or the circumstances surrounding its disclosure, reasonably should be considered as confidential, including without limitation technical data, trade secrets, know- how, research, inventions, processes, designs, drawings, strategic roadmaps, product plans, product designs and architecture, security information, marketing plans, pricing and cost information, marketing and promotional activities, business plans, customer and supplier information, employee and User information, business and marketing plans, and business processes, and other technical, financial or business information, and any third party information that the Disclosing Party is required to maintain as confidential. Confidential Information will not, however, include any information which: (a) was publicly known or made generally available to the public prior to the time of disclosure; (b) becomes publicly known or made generally available after disclosure through no fault of the Receiving Party; (c) is in the possession of the Receiving Party, without restriction as to use or disclosure, at the time of disclosure by the Disclosing Party; (d) was lawfully received, without restriction as to use or disclosure, from a third party (who does not have an obligation of confidentiality or restriction on use itself); or (e) is developed by the Receiving Party independently from this Agreement and without use of or reference to the Disclosing Party’s Confidential Information or Proprietary Rights. Except for rights expressly granted in this Agreement, each Party reserves all rights in and to its Confidential Information. The Parties agree that the Licensed Materials are Confidential Information of Seller. 7.2 Obligations. The Parties will maintain as confidential and will avoid disclosure and unauthorized use of Confidential Information of the other Party using reasonable precautions. Each Party will protect such Confidential Information with the same degree of care that a prudent person would exercise to protect its own confidential information of a like nature, and to prevent the unauthorized, negligent, or inadvertent use, disclosure, or publication thereof or access thereto. Each Party will restrict Confidential Information to individuals who need to know such Confidential Information and who are bound to confidentiality obligations at least as protective as the restrictions described in this Section 7. Except as necessary for the proper use of the Software, the exercise of a Party’s rights under this Agreement, performance of a Party’s obligations under this Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 5 of 19 Agreement or as otherwise permitted under this Agreement, neither Party will use Confidential Information of the other Party for any purpose except in fulfilling its obligations or exercising its rights under this Agreement. Each Party will promptly notify the other Party if it becomes aware of any unauthorized use or disclosure of the other Party’s Confidential Information, and reasonably cooperate with the other Party in attempts to limit disclosure. 7.3 Compelled Disclosure. If and to the extent required by law, including regulatory requirements, discovery request, subpoena, court order or governmental action, the Receiving Party may disclose or produce Confidential Information but will give reasonable prior notice (and where prior notice is not permitted by applicable Law, notice will be given as soon as the Receiving Party is legally permitted) to the Disclosing Party to permit the Disclosing Party to intervene and to request protective orders or confidential treatment therefor or other appropriate remedy regarding such disclosure. Disclosure of any Confidential Information pursuant to any legal requirement will not be deemed to render it non-confidential, and the Receiving Party’s obligations with respect to Confidential Information of the Disclosing Party will not be changed or lessened by virtue of any such disclosure. 7.4 NDA. Buyer and Seller may agree that a separate nondisclosure agreement between Buyer and Seller (or the respective Affiliates of Buyer and Seller) (“NDA”) will apply to the Subscription, in which case the terms and conditions thereof are incorporated herein by reference and will apply instead of subsections 7.1 through 7.3 of this Section 7. 8. Additional SaaS Service Obligations and Responsibilities. This Section 8 applies to Subscriptions for SaaS Software and SaaS Service only: 8.1 Acceptable Use. Buyer will not intentionally use the SaaS Software or SaaS Service to: (a) store, download or transmit infringing or illegal content, or any viruses, “Trojan horses” or other harmful code; (b) engage in phishing, spamming, denial-of-service attacks or fraudulent or criminal activity; (c) interfere with or disrupt the integrity or performance of the Software or data contained therein or on Seller’s system or network; or (d) perform penetration testing, vulnerability testing or other security testing on the Software or Seller’s systems or networks or otherwise attempt to gain unauthorized access to the Software or Seller’s systems or networks. 8.2 Buyer Data and Buyer Materials. 8.2.1 Buyer is responsible for obtaining all necessary consents, authorizations and rights and providing all necessary notifications in order to provide Buyer Data to Seller and for Seller to use Buyer Data in the performance of its obligations in accordance with the terms and condition of this Agreement. Buyer will not collect, process, store or transmit through the Software or Services, and Buyer Data must not include or contain data that subjects Buyer or Seller to data privacy Laws based on the storage or processing of Buyer Data by the SaaS Service (where compliance with such Laws is not addressed by this Agreement). 8.2.2 The Parties agree that Buyer Data and Buyer Materials are Confidential Information of Buyer. Buyer hereby grants to Seller a nonexclusive, nontransferable (except in connection with an assignment permitted under Section 13.2), revocable license, under all Proprietary Rights, to reproduce and use Buyer Materials and Buyer Data solely for the purpose of, and to the extent necessary for, performing Seller’s obligations under this Agreement. Buyer is and will continue to be the sole and exclusive owner of all Buyer Materials, Buyer Data and other Confidential Information of Buyer, including the results of processing or manipulating any Buyer Data by Seller and any aggregated data, de-identified data or other data derivatives developed, prepared or created by or through the Software or any Services. In no event will Seller access, use or disclose to any third party any Buyer Data (including any aggregation or de-identification) or any Buyer Materials for any purpose whatsoever (including, without limitation, the marketing of Seller’s other products or services) other than as necessary for the purpose of providing the Software and Services to Buyer and performing its obligations under this Agreement. Seller will not aggregate, anonymize or create any data derivatives of Buyer Data other than as necessary to provide the Software or Services and to perform its obligations in accordance with Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 6 of 19 the terms and conditions of this Agreement. 8.2.3 Buyer will have full access to, and has the right to review and retain, the entirety of Buyer Data contained in the Software. At no time will any computer or electronic records containing Buyer Data be stored or held in a form or manner not readily accessible to Buyer through the ordinary operation of the Software. Seller will provide to Buyer all passwords, codes, comments, keys and documentation necessary for such access and use of the Software. Buyer will be entitled to delete, or have Seller delete, Buyer Data as expressly specified by Buyer. 8.3 System Data. Seller may collect and use System Data internally to provide and improve the Software and Services and Seller’s other products and services, provided that (a) Seller will not target any data analysis at, or otherwise use System Data to derive or attempt to derive information regarding, Buyer and its Affiliates, their businesses, operations, finances, users, customers, prospective customers, suppliers or other persons interacting with Buyer and its Affiliates; and (b) Seller will not target any development efforts, marketing, communications or promotions at Buyer and its Affiliates or any other person on the basis of the intended recipient’s relationship with Buyer or any of its Affiliates. Seller will not use or disclose System Data for any other purpose unless otherwise agreed in writing by the Parties. 8.4 Use of Other Data. Notwithstanding the foregoing, nothing in this Agreement will restrict: (a) Seller’s use of statistics and aggregate data derived from System Data where the derived data does not identify or permit, alone or in conjunction with other data, identification, association, or correlation of or with (i) Buyer, its Affiliates, Users, customers, suppliers or other persons interacting with Buyer and its Affiliates; or (ii) any device (e.g. computer, mobile telephone, or browser) used to access or use the Software as originating through Buyer or its Affiliates or interacting with Buyer or its Affiliates; or (b) either Party’s use of any data, records, files, content or other information related to any third party that is collected, received, stored or maintained by a Party independently from this Agreement. 8.5 Security. 8.5.1 Seller will, consistent with industry standard practices, implement and maintain physical, administrative and technical safeguards and other security measures: (a) to maintain the security and confidentiality of Buyer Data; and (b) to protect Buyer Data from known or reasonably anticipated threats or hazards to its security, availability and integrity, including accidental loss, unauthorized use, access, alteration or disclosure. Seller will safeguard Buyer Data with at least the degree of care it uses to protect its own sensitive information of a like nature and no less than a reasonable degree of care. 8.5.2 Seller will provide Buyer a copy of or online viewing access to a summary of its security practices applicable to the Buyer Data (Seller’s “Security Policy”) and any material updates to its Security Policy. Seller will comply in its performance of this Agreement with the Security Policy. Without limiting the generality of the foregoing, Seller will conduct regular penetration testing or other appropriate security testing and security audits and, upon reasonable request from Buyer, provide Buyer a copy of or online viewing access to reports summarizing such testing and audits. Such information may be provided as part of Seller’s Security Policy. 8.5.3 Seller will inform Buyer promptly (but in any event within 72 hours) upon discovery of any actual or reasonably suspected compromise, unauthorized access to, alteration, loss, use or disclosure of any Buyer Data or any other breach of the confidentiality, security or integrity of Buyer Data (each, a “Security Incident”), will investigate and conduct a root cause analysis on the Security Incident and take all reasonable steps to prevent further compromise, access, alteration, loss, use or disclosure of such Buyer Data; provided however that no notice is required for, and Security Incidents do not include, “unsuccessful” security incidents, such as pings on a firewall, that do not represent a risk to the Buyer Data. Seller will provide Buyer written details and regular updates regarding Seller’s internal investigation of each Security Incident, and Seller will cooperate and work together with Buyer to formulate and execute a plan to rectify all confirmed Security Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 7 of 19 Incidents. 8.6 Business Continuity. Seller will establish, implement, invoke when needed, and comply with a business continuity plan (“Business Continuity Plan”) that incorporates Seller’s contingency plans, recovery plans (including recovery point objective and recovery time objective) and risk controls designed to enable Seller’s continued performance under this Agreement consistent with any applicable recovery time objective specified therein and to recover Buyer Data consistent with the recovery point objective specified therein in the event that any of Seller’s hardware, software networks, systems or other facilities experience a security breach or any significant interruption or impairment of operation or any loss, deletion, corruption or alteration of data. 8.7 Data Protection Legislation. 8.7.1 Each Party will comply with all applicable country specific data protection Laws, including but not limited to the Directive 95/46/EC of the European Parliament and, once it comes into effect, Regulation 2016/679 of the European Parliament and of the Council, and any implementation thereof in national law. The Parties acknowledge and agree that they will consider in good faith implementing any codes of practice and best practice guidance issued by relevant authorities as they apply to applicable country specific data protection Laws, the Directive, and the Regulation. 8.7.2 Without limiting the generality of the foregoing, if Seller is collecting or furnishing Personal Data to Buyer or if Seller is processing, storing or transferring Personal Data on behalf of Buyer, then Seller and Buyer and/or their Affiliate(s), as applicable, will agree to supplemental privacy and security terms consistent with applicable Law, and if the Personal Data is regarding individuals in the European Economic Area, Seller and Buyer agree to be bound by the Data Processing Addendum (Addendum 1) or other terms and conditions agreed upon by Buyer and Seller that reflects their respective legal obligations with respect to Personal Data, and any applicable data transfer mechanisms (collectively, the “Privacy and Security Terms”). For purposes of this Section, “Personal Data” means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. For the avoidance of doubt, no Personal Data should be processed or transferred without Privacy and Security Terms necessary for compliance with applicable Law. 8.7.3 For the purposes of this Section 8.7.3, it is assumed that, and this Section 8.7.3 only applies if, Seller is located outside of the European Economic Area and Buyer is located in the European Economic Area. If Buyer transfers Personal Data to Seller, then Seller and Buyer must agree on and implement a data transfer mechanism compliant with European Union law, such as Standard Contractual Clauses or the EU- U.S. Privacy Shield, unless Seller is in a country approved by the European Commission to receive data of European Union persons without such mechanisms. Seller shall ensure that all of its subprocessors, which shall be previously approved by Buyer, are bound by a written agreement consistent with the Parties’ chosen data transfer mechanism. If Seller is, and so long as Seller remains, Privacy Shield Certified with respect to the type of Personal Data collected, stored, furnished, processed or transferred by Seller, then Buyer and Seller may elect to rely on Seller’s Privacy Shield Certification. “Privacy Shield Certification” means Seller: (a) complies with the requirements of the EU-U.S. and/or Swiss-U.S. Privacy Shield, including the Accountability for Onward Transfer Principle; (b) is registered under the U.S. Department of Commerce’s Privacy Shield certification program and maintains an active self-certification; (c) is listed as certified by the U.S. Department of Commerce on https://www.privacyshield.gov/ or a successor website; and (d) Personal Data transferred to Seller pursuant to this agreement is fully covered by the scope of Seller’s EU-U.S. Privacy Shield Certification. 8.8 Remedies. Each Party agrees that in the event of a breach or threatened breach of this Section 8, the non-breaching Party will be entitled to injunctive relief against the breaching Party in addition to any other remedies to which the non-breaching Party may be entitled. Either Party may terminate this Agreement Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 8 of 19 immediately upon written notice to the other Party if the other Party breaches any of the provisions set forth in this Section 8. 9. Limitations of Liability. 9.1 Disclaimer; General Cap. SUBJECT TO SECTIONS 9.2 AND 9.3, IN NO EVENT WILL (a) EITHER PARTY BE LIABLE TO THE OTHER PARTY FOR ANY INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND (b) EITHER PARTY’S AGGREGATE LIABILITY UNDER THIS AGREEMENT, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, EXCEED THE GREATER OF THREE TIMES THE FEES AND OTHER AMOUNTS PAID AND PAYABLE BY BUYER UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES OR $1 MILLION. 9.2 Exceptions. THE EXCLUSIONS OF OR LIMITATIONS ON LIABILITY SET FORTH IN SECTION 9.1 WILL NOT APPLY TO: (a) A PARTY’S GROSS NEGLIGENCE, WILLFUL MISCONDUCT, FRAUD OR VIOLATION OF LAW; (b) A PARTY’S DEFENSE AND INDEMNIFICATION OBLIGATIONS HEREUNDER; AND (c) UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF BUYER DATA RESULTING FROM BREACH OF SELLER’S OBLIGATIONS UNDER SECTION 8.5 OR ANY PRIVACY AND SECURITY TERMS. 9.3 Special Cap. SELLER’S AGGREGATE LIABILITY UNDER THIS AGREEMENT AND IN CONNECTION WITH ANY UNAUTHORIZED ACCESS, USE OR DISCLOSURE OF BUYER DATA RESULTING FROM BREACH OF SELLER’S OBLIGATIONS UNDER SECTION 8.5 OR ANY PRIVACY AND SECURITY TERMS AND THE EVENTS GIVING RISE THERETO, WHETHER SUCH DAMAGES ARE BASED IN CONTRACT, TORT OR OTHER LEGAL THEORY, WILL NOT EXCEED (IN LIEU OF AND NOT IN ADDITION TO THE AMOUNT SET FORTH IN SECTION 9.1) THE GREATER OF FIVE TIMES THE FEES AND OTHER AMOUNTS PAID AND PAYABLE BY BUYER UNDER THIS AGREEMENT IN THE 12 MONTHS PRECEDING THE EVENT GIVING RISE TO THE DAMAGES OR $7 MILLION. 10. Indemnification. 10.1 Seller Indemnity. Seller will, at its expense, indemnify, defend and hold harmless Buyer and its Affiliates and their respective officers, directors, employees, agents and representatives (collectively “Buyer Indemnified Parties”) from and against any and all claims, actions, proceedings and suits brought by a third party, and any and all liabilities, losses, damages, settlements, penalties, fines, costs and expenses (including reasonable attorneys’ fees) (“Claims”), to the extent arising out of or relating to an allegation of any of the following: (a) infringement, misappropriation or violation of any Proprietary Rights by the Licensed Materials or Buyer’s exercise of its rights under this Agreement; and (b) any unauthorized access, use or disclosure of Buyer Data resulting from breach of Seller’s obligations under Section 8.5 or any Privacy and Security Terms. 10.2 Buyer Indemnity. Buyer will, at its expense, indemnify, defend and hold harmless Seller and its Affiliates and their respective officers, directors, employees, agents and representatives (collectively “Seller Indemnified Parties”) from and against any and all Claims to the extent arising out of or relating to an allegation of any violation of any Proprietary Rights by the Buyer Materials or Buyer Data or Seller’s use thereof as permitted under this Agreement. 10.3 Process. The Party(ies) seeking indemnification pursuant to this Section 10 (each, an “Indemnified Party” and collectively, the “Indemnified Parties”) will give the other Party (the “Indemnifying Party”) prompt notice of each Claim for which it seeks indemnification, provided that failure or delay in providing such notice will not release the Indemnifying Party from any obligations hereunder except to the extent Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 9 of 19 that the Indemnifying Party is prejudiced by such failure. The Indemnified Parties will give the Indemnifying Party their reasonable cooperation in the defense of each Claim for which indemnity is sought, at the Indemnifying Party’s expense. The Indemnifying Party will keep the Indemnified Parties informed of the status of each Claim. An Indemnified Party may participate in the defense at its own expense. The Indemnifying Party, without the Indemnified Parties’ prior written consent, (a) will not enter into any settlement that (i) includes any admission of guilt or wrongdoing by any Indemnified Party, (ii) imposes any financial obligations on any Indemnified Party that Indemnified Party is not obligated to pay under this Section 10, (iii) imposes any non- monetary obligations on any Indemnified Party, and (iv) does not include a full and unconditional release of any Indemnified Parties; and (b) will not consent to the entry of judgment, except for a dismissal with prejudice of any Claim settled as described in (a). The Indemnifying Party will ensure that any settlement into which it enters for any Claim is made confidential, except where not permitted by applicable Law. 10.4 Infringement Remedy. In addition to Seller’s obligations under Section 10.1, if the Software or other Licensed Materials is held, or in Seller’s opinion is likely to be held, to infringe, misappropriate or violate any Proprietary Rights, or, if based on any claimed infringement, misappropriation or violation of Proprietary Rights, an injunction is obtained, or in Seller’s opinion an injunction is likely to be obtained, that would prohibit or interfere with Buyer’s use of the Licensed Materials under this Agreement, then Seller will at its expense either: (a) procure for Buyer the right to continue using the affected Licensed Materials in accordance with the license granted under this Agreement; or (b) modify or replace the affected Licensed Materials so that the modified or replacement Licensed Materials are reasonably comparable in functionality, interoperability with other software and systems, and levels of security and performance and do not infringe, misappropriate or violate any third-party Proprietary Rights. If, in such circumstances, Seller does not successfully accomplish any of the foregoing actions on a commercially reasonable basis, either Party may terminate the Subscription and this Agreement and Seller will refund to Buyer all prepaid, unused amounts for the Subscription as well as fees paid for the Subscription attributable to the period of actual or alleged infringement. For clarity, Seller’s indemnification and defense obligations under this Section include infringement Claims based on use of the Licensed Materials by Buyer Indemnified Parties following an initial infringement Claim except that, if Seller responds to an infringement Claim by accomplishing the solution in (b), Seller will have no obligation to defend and indemnify Buyer for infringement Claims arising from Buyer’s use after the accomplishment of (b) of the infringing Licensed Materials for which Seller provided modified or replacement Licensed Materials. 10.5 Limitations. 10.5.1 Seller will have no liability or obligation under this Section 10 with respect to any infringement Claim to the extent attributable to any: (a) modifications to the Licensed Materials not provided by Seller or its Personnel; (b) use of the Software in combination with third-party equipment or software not provided or made accessible by Seller or not contemplated by the Enterprise Contract Listing or Documentation; or (c) use of the Licensed Materials by Buyer in breach of this Agreement (excluding over-deployment of Software which is subject to Section 11.3), in each case where such infringement Claim would not have arisen absent such modification or use. 10.5.2 Buyer will have no liability or obligation under this Section 10 with respect to any infringement Claim to the extent attributable to any: (a) modifications to the Buyer Materials or Buyer Data not provided by Buyer or its Personnel; or (b) use of the Buyer Materials or Buyer Data by Seller in breach of this Agreement, in each case where such infringement Claim would not have arisen absent such modification or use. 10.5.3 This Section 10 states the entire liability of Seller with respect to infringement of Proprietary Rights of third parties by any Licensed Materials or any part thereof or by its operation by Buyer, and this Section 10 states the entire liability of Buyer with respect to infringement of Proprietary Rights of third parties by any Buyer Materials or Buyer Data or any part thereof or by its use by Seller. 10.6 Not Limiting. The foregoing indemnities will not be limited in any manner whatsoever by any required or other insurance coverage maintained by a Party. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 10 of 19 11. Term and Termination. 11.1 Term. This Agreement will continue in full force and effect until conclusion of the Subscription, unless terminated earlier by either Party as provided by this Agreement. 11.2 Termination for Convenience. Buyer may terminate the Subscription or this Agreement without cause at any time upon notice to Seller or using the termination or cancellation functionality available through the AWS Services. If a Subscription with Metered Pricing, Buyer will pay for all Software usage up to the time of termination. If a Subscription with Entitlement Pricing, Buyer will not be entitled to refund of fees for any unused portion of the Subscription Entitlement. 11.3 Termination for Cause. Either Party may terminate the Subscription or this Agreement if the other Party materially breaches this Agreement and does not cure the breach within 30 days following its receipt of written notice of the breach from the non-breaching Party. However, Seller’s exclusive remedy for Buyer’s over-deployment of the Software is payment of the applicable incremental fees for such use, provided that Buyer pays such incremental fees within 30 days when invoiced therefor by Seller. Termination by Seller pursuant to this Section does not prejudice Buyer’s right, and Seller’s obligation, to extract or assist with the retrieval or deletion of Buyer Data as set forth in Section 11.4.2 following such termination. 11.4 Effect of Termination. 11.4.1 Upon termination or expiration of the Subscription or this Agreement, Buyer’s right to use the Software licensed under such Subscription will terminate, and Buyer’s access to the Software and Service provided under such Subscription may be disabled and discontinued. Termination or expiration of any Subscription purchased by Buyer from Seller will not terminate or modify any other Subscription purchased by Buyer from Seller. 11.4.2 Within 30 days following termination or expiration of any SaaS Subscription for any reason and on Buyer’s written request at any time before termination or expiration, Seller will extract from the SaaS Service and return to Buyer all Buyer Data, or if Buyer is able directly to retrieve or delete Buyer Data from the SaaS Service, then for a period of 30 days following termination or expiration of this Agreement for any reason, Buyer may retrieve or delete Buyer Data itself with support from Seller as reasonably requested by Buyer. If Buyer retrieves or deletes Buyer Data itself, Seller will assist Buyer, as reasonably requested by Buyer, in validating whether the retrieval or deletion was successful. Buyer Data must be provided or extractable in a then- current, standard nonproprietary format. Notwithstanding anything herein to the contrary, Seller’s duty to return or enable Buyer’s retrieval or deletion of the Buyer Data pursuant to this Section 11.4.2 will not be discharged due to the occurrence of any Force Majeure event. Following delivery to Buyer of the Buyer Data and Buyer’s confirmation thereof, or Buyer’s retrieval or deletion of Buyer Data and Seller’s validation thereof, Seller will permanently delete and remove Buyer Data (if any) from its electronic and hard copy records and will, upon Buyer’s request, certify to such deletion and removal to Buyer in writing. If Seller is not able to delete any portion of the Buyer Data or Buyer Confidential Information, it will remain subject to the confidentiality, privacy and data security terms of this Agreement. 11.4.3 Sections 5 (Proprietary Rights), 7 (Confidentiality), 9 (Limitations of Liability), 10 (Indemnification), 11.4 (Effect of Termination), 12 (Insurance), 13 (General) and 14 (Definitions) and any perpetual license granted under this Agreement, together with all other provisions of this Agreement that may reasonably be interpreted or construed as surviving expiration or termination, will survive the expiration or termination of this Agreement for any reason; but the nonuse and nondisclosure obligations of Section 8 will expire five years following the expiration or termination of this Agreement, except with respect to, and for as long as, any Confidential Information constitutes a trade secret. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 11 of 19 12. Insurance. 12.1 Coverages. Each Party will obtain and maintain appropriate insurance necessary for implementing and performing under this Agreement in accordance with applicable Law and in accordance with the requirements of this Section 12. Subject to Seller’s right to self-insure as described below, Seller will at its own cost and expense, acquire and continuously maintain the following insurance coverage during the term of this Agreement and for one year after: 12.1.1 Commercial General Liability insurance, including all major coverage categories, including premises-operations, property damage, products/completed operations, contractual liability, personal and advertising injury with limits of $5,000,000 per occurrence and $5,000,000 general aggregate, and $5,000,000 products/completed operations aggregate; 12.1.2 Professional Liability insurance, covering liabilities for financial loss resulting or arising from acts, errors or omissions in rendering Services in connection with this Agreement including acts, errors or omissions in rendering computer or information technology Services, proprietary rights infringement, data damage/destruction/corruption, failure to protect privacy, unauthorized access, unauthorized use, virus transmission and denial of service from network security failures with a minimum limit of $5,000,000 each claim and annual aggregate; 12.1.3 If a SaaS Subscription, Cyber Liability, with limits of $5,000,000 each claim and annual aggregate, providing for protection against liability for: (a) system attacks; (b) denial or loss of service attacks; (c) spread of malicious software code; (d) unauthorized access and use of computer systems; (e) liability arising from loss or disclosure of personal or corporate confidential data; (f) cyber extortion; (g) breach response and management coverage; (h) business interruption; and (i) invasion of privacy; and 12.1.4 If a SaaS Subscription, Computer Crime Insurance with limits of $1,000,000 and Employee Theft/Buyer Insurance Coverage with limits of $500,000. 12.2 Umbrella Insurance; Self-Insurance. The limits of insurance may be satisfied by any combination of primary and umbrella/excess insurance. In addition, either Party may satisfy its insurance obligations specified in this Agreement through a self-insured retention program. Upon request by Buyer, Seller will provide evidence of Seller’s self-insurance program in a formal declaration (on Seller’s letterhead, if available) that declares Seller is self-insured for the type and amount of coverage as described in Section 12.1. Seller’s declaration may be in the form of a corporate resolution or a certified statement from a corporate officer or an authorized principal of Seller. The declaration also must identify which required coverages are self-insured and which are commercially insured. 12.3 Certificates and Other Requirements. Prior to execution of this Agreement and annually thereafter during the term, Buyer may request that Seller furnish to Buyer a certificate of insurance evidencing the coverages set forth above naming Buyer as an additional insured on the Commercial General Liability coverage listed above. Seller’s Commercial General Liability and any umbrella insurance relied upon to meet the obligations in this Section will be primary and non-contributory coverage and the policies will not contain any intra-insured exclusions as between insured persons or organizations. Seller’s Commercial General Liability policy will provide a waiver of subrogation in favor of Buyer and its Affiliates. The stipulated limits of coverage above will not be construed as a limitation of any potential liability to Buyer, and failure to request evidence of this insurance will not be construed as a waiver of Seller’s obligation to provide the insurance coverage specified. 13. General. 13.1 Applicable Law. This Agreement will be governed and interpreted under the laws of the State of New York, excluding its principles of conflict of laws. The Parties agree that the exclusive forum for any Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 12 of 19 action or proceeding will be in New York County, New York, and the Parties consent to the jurisdiction of the state and federal courts located in New York County, New York. The Parties agree that the United Nations Convention on Contracts for the International Sale of Goods does not apply to this Agreement. 13.2 Assignment. Neither Party may assign or transfer this Agreement or any rights or delegate any duties herein without the prior written consent of the other Party, which will not be reasonably withheld, delayed or conditioned. Notwithstanding the foregoing, and without gaining the other Party’s written consent, either Party may assign this Agreement, in whole or part, and delegate its obligations to its Affiliates or to any entity acquiring all or substantially all of its assets related to the Enterprise Contract Listing or the assigning Party’s entire business, whether by sale of assets, sale of stock, merger or otherwise. Any attempted assignment, transfer or delegation in contravention of this Section 13.2 will be null and void. This Agreement will inure to the benefit of the Parties hereto and their permitted successors and assigns. 13.3 Divestiture. If Buyer divests a portion of its business to one or more organizations that are not Affiliates of Buyer, or if an entity ceases to be an Affiliate of Buyer (such divested business unit or such entity, a “Divested Affiliate”), Seller agrees to allow such Divested Affiliate to continue to use the Software, and Buyer may elect that (a) such Divested Affiliate continue, as if it were a Buyer Affiliate, to use the Software under Buyer’s AWS Marketplace account if an AMI Subscription and under Buyer’s account with Seller if a SaaS Subscription for the remainder of the Subscription, or (b) such Divested Affiliate may obtain its own Subscription to the Software for a period of 90 days after the effective date of such divestiture under the same terms and conditions as this Agreement and the same pricing as set forth in the Enterprise Contract Listing. Use by a Divested Affiliate after the conclusion of the Subscription or 90 day period, as applicable, will require a separately purchased subscription from Seller through an AWS Marketplace account of that Divested Affiliate or its then-current Affiliates. 13.4 Entire Agreement. This Agreement constitutes the entire agreement between the Parties relating to the subject matter hereof, and there are no other representations, understandings or agreements between the Parties relating to the subject matter hereof. This Agreement is solely between Buyer and Seller. Neither Amazon Web Services, Inc. nor any of its Affiliates are a party to this Agreement and none of them will have any liability or obligations hereunder. The terms and conditions of this Agreement will not be changed, amended, modified or waived unless such change, amendment, modification or waiver is in writing and signed by authorized representatives of the Parties. NEITHER PARTY WILL BE BOUND BY, AND EACH SPECIFICALLY OBJECTS TO, ANY PROVISION THAT IS DIFFERENT FROM OR IN ADDITION TO THIS AGREEMENT (WHETHER PROFFERED ORALLY OR IN ANY QUOTATION, PURCHASE ORDER, INVOICE, SHIPPING DOCUMENT, ONLINE TERMS AND CONDITIONS, ACCEPTANCE, CONFIRMATION, CORRESPONDENCE, OR OTHERWISE), UNLESS SUCH PROVISION IS SPECIFICALLY AGREED TO IN A WRITING SIGNED BY BOTH PARTIES. 13.5 Force Majeure. Neither Party will be liable hereunder for any failure or delay in the performance of its obligations in whole or in part, on account of riots, fire, flood, earthquake, explosion, epidemics, war, strike or labor disputes (not involving the Party claiming force majeure), embargo, civil or military authority, act of God, governmental action or other causes beyond its reasonable control and without the fault or negligence of such Party or its Personnel and such failure or delay could not have been prevented or circumvented by the non-performing Party through the use of alternate sourcing, workaround plans or other reasonable precautions, including, in the case of a SaaS Service, Seller’s Business Continuity Plan, as required under this Agreement (a “Force Majeure Event”). A Force Majeure Event will not excuse or suspend Seller’s obligation to invoke and follow its Business Continuity Plan in a timely fashion, and to the extent that such Business Continuity Plan was designed to cover the specific force majeure, or events caused by the Force Majeure Event, the foregoing will excuse Seller’s performance under this Agreement only for the period of time from the occurrence of the Force Majeure Event until Seller invokes its Business Continuity Plan. If a Force Majeure Event continues for more than 14 days for any Subscription with Entitlement Pricing, Buyer may cancel the unperformed portion of the Subscription and receive a pro rata refund for such unperformed portion. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 13 of 19 13.6 Export Laws. Each Party will comply with all applicable customs and export control laws and regulations of the United States and/or such other country, in the case of Buyer, where Buyer or its Users use the Software or Services, and in the case of Seller, where Seller provides the Software or Services. Each Party certifies that it and its Personnel are not on any of the relevant U.S. Government Lists of prohibited persons, including but not limited to the Treasury Department’s List of Specially Designated Nationals and the Commerce Department’s list of Denied Persons. Neither Party will export, re-export, ship, or otherwise transfer the Licensed Materials, Services or Buyer Data to any country subject to an embargo or other sanction by the United States. 13.7 Government Rights. As defined in FARS §2.101, the Software and Documentation are “commercial items” and according to DFARS §252.227 and 7014(a)(1) and (5) are deemed to be “commercial computer software” and “commercial computer software documentation”. Consistent with FARS §12.212 and DFARS §227.7202, any use, modification, reproduction, release, performance, display or discourse of such commercial software or commercial software documentation by the U.S. government will be governed solely by the terms of this Agreement and will be prohibited except to the extent expressly permitted by the term of this Agreement. 13.8 Headings. The headings throughout this Agreement are for reference purposes only, and the words contained therein will in no way be held to explain, modify, amplify or aid in the interpretation, construction or meaning of the provisions of this Agreement. 13.9 No Third-Party Beneficiaries. Except as specified in Section 10 with respect to Buyer Indemnified Parties and Seller Indemnified Parties, nothing express or implied in this Agreement is intended to confer, nor will anything herein confer, upon any person other than the Parties and the respective successors or assigns of the Parties, any rights, remedies, obligations or liabilities whatsoever. 13.10 Notices. To be effective, notice under this Agreement must be given in writing. Each Party consents to receiving electronic communications and notifications from the other Party in connection with this Agreement. Each Party agrees that it may receive notices from the other Party regarding this Agreement: (a) by email to the email address designated by such Party as a notice address for the Enterprise Contract; (b) by personal delivery; (c) by registered or certified mail, return receipt requested; or (d) by nationally recognized courier service. Notice will be deemed given upon written verification of receipt. 13.11 Nonwaiver. Any failure or delay by either Party to exercise or partially exercise any right, power or privilege under this Agreement will not be deemed a waiver of any such right, power or privilege under this Agreement. No waiver by either Party of a breach of any term, provision or condition of this Agreement by the other Party will constitute a waiver of any succeeding breach of the same or any other provision hereof. No such waiver will be valid unless executed in writing by the Party making the waiver. 13.12 Publicity. Neither Party will issue any publicity materials or press releases that refer to the other Party or its Affiliates, or use any trade name, trademark, service mark or logo of the other Party or its Affiliates in any advertising, promotions or otherwise, without the other Party’s prior written consent. 13.13 Relationship of Parties. The relationship of the Parties will be that of independent contractors, and nothing contained in this Agreement will create or imply an agency relationship between Buyer and Seller, nor will this Agreement be deemed to constitute a joint venture or partnership or the relationship of employer and employee between Buyer and Seller. Each Party assumes sole and full responsibility for its acts and the acts of its Personnel. Neither Party will have the authority to make commitments or enter into contracts on behalf of, bind, or otherwise oblige the other Party. 13.14 Severability. If any term or condition of this Agreement is to any extent held invalid or unenforceable by a court of competent jurisdiction, the remainder of this Agreement will not be affected thereby, and each term and condition will be valid and enforceable to the fullest extent permitted by law. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 14 of 19 13.15 Subcontracting. Seller may use Subcontractors in its performance under this Agreement, provided that: (a)) Seller remains responsible for all its duties and obligations hereunder and the use of any Subcontractor will not relieve or reduce any liability of Seller or cause any loss of warranty under this Agreement; and (b) Seller agrees to be directly liable for any act or omission by such Subcontractor to the same degree as if the act or omission were performed by Seller such that a breach by a Subcontractor of the provisions of this Agreement will be deemed to be a breach by Seller. The performance of any act or omission under this Agreement by a Subcontractor for, by or through Seller will be deemed the act or omission of Seller. Upon request, Seller will identify to Buyer any Subcontractors performing under this Agreement, including any that have access to Buyer Data, and such other information reasonably requested by Buyer about such subcontracting. 14. Definitions. 14.1 “Affiliate” means, with respect to a Party, any entity that directly, or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with such Party. 14.2 “AMI” means a way that the Software offered by Seller under a Enterprise Contract Listing may be provisioned to Buyer where the Software is delivered in a machine image using the Amazon Machine Image functionality of AWS Services. Buyer deploys and runs the AMI Image containing the AMI Software under Buyer’s own AWS Services account on AWS Services infrastructure. 14.3 “AMI Image” means the specific machine image in which AMI Software is delivered to Buyer using the Amazon Machine Image functionality of AWS Services, including the AMI Software, the operating system and all applications, services and information included therein. 14.4 “AWS Marketplace” means the software marketplace operated by Amazon Web Services, Inc. located at https://aws.amazon.com/marketplace/ as it may be updated from time to time. 14.5 “AWS Services” means the cloud computing services offered by Amazon Web Services, Inc. as they may be updated from time to time. 14.6 “Buyer Data” means all data, records, files, information or content, including text, sound, video, images and software, that is (a) input or uploaded to, or collected, received, processed, generated or stored by, the Software in connection with this Agreement, or (b) derived from (a). Buyer Data is Confidential Information of Buyer. 14.7 “Buyer Materials” means any property, items or materials, including Buyer Data, furnished by Buyer to Seller for Seller’s use in the performance of its obligations under this Agreement. 14.8 “Contractor” means any third party contractor of Buyer or other third party performing services for Buyer, including outsourcing suppliers. 14.9 “Documentation” means the user guides, manuals, instructions, specifications, notes, documentation, printed updates, “read-me” files, release notes and other materials related to the Software (including all information included or incorporated by reference in the applicable Enterprise Contract Listing), its use, operation or maintenance, together with all enhancements, modifications, derivative works, and amendments to those documents, that Seller publishes or provides under this Agreement. 14.10 “Enterprise Contract Listing” means an offer by Seller, as set forth in the detail page on the AWS Marketplace, to license Software and provide Support Services subject to this Enterprise Contract. 14.11 “Entitlement Pricing” means a pricing model for AMI Software or SaaS Software Subscriptions where Buyer purchases a quantity of usage upfront. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 15 of 19 14.12 “Licensed Materials” means the Software, Documentation and any other items, materials or deliverables that Seller provides, or is obligated to provide, under this Agreement. 14.13 “Metered Pricing” means a pricing model for AMI Software or SaaS Software Subscriptions where Buyer pays as it goes based on the quantity of its usage of the Software. 14.14 “Personnel” means a Party or its Affiliate’s directors, officers, employees, non-employee workers, agents, auditors, consultants, contractors, subcontractors and any other person performing services on behalf of such Party (but excludes the other Party and any of the foregoing of the other Party). 14.15 “Proprietary Rights” means all intellectual property and proprietary rights throughout the world, whether now known or hereinafter discovered or invented, including, without limitation, all: (a) patents and patent applications; (b) copyrights and mask work rights; (c) trade secrets; (d) trademarks; (e) rights in data and databases; and (f) analogous rights throughout the world. 14.16 “SaaS” means a way that the Software offered by Seller under a Enterprise Contract Listing may be provisioned to Buyer where the Software is delivered to Buyer on a software-as-a-service basis. The SaaS Seller deploys the hosted Software under Seller’s account on the AWS Services infrastructure and is responsible for granting Buyer access to and use of the Software and SaaS Service. 14.17 “SaaS Service” means the SaaS Software as deployed and hosted by Seller on the AWS Service infrastructure, any software and other technology provided or made accessible by Seller that Buyer is required or has the option to use in order to access, receive and use the SaaS Software as hosted by Seller, including any software or technology that Buyer is required or has the option to install, operate and use on Buyer’s systems for its use of the SaaS Software, and all related services, functions or responsibilities of Seller inherent in, and necessary for, the proper performance of such software-as-a-service. 14.18 “Services” means all services and tasks that Seller provides, or is obligated to provide, under this Agreement, including without limitation Support Services. 14.19 “Software” means the computer software identified in the applicable Enterprise Contract Listing and any other software, including any patches, bug fixes, corrections, remediation of security vulnerabilities, updates, upgrades, modifications, enhancements, derivative works, new releases and new versions of the Software that Seller provides, or is obligated to provide, under this Agreement. 14.20 “Subcontractor” means any third party subcontractor or other third party to whom Seller delegates any of its duties and obligations under this Agreement. 14.21 “Subscription” means a subscription ordered by Buyer in the AWS Marketplace for the licensing and provision of AMI Software or SaaS Software listed in a Seller Enterprise Contract Listing. 14.22 “Subscription Entitlement” means the specified quantity of use of the Software with Entitlement Pricing that Buyer purchases upfront as specified in the applicable Enterprise Contract Listing. The Subscription Entitlement may be based on time, number of hosts, users (and variants thereof) or other parameters. 14.23 “Support Services” means the support and maintenance services for the Software that Seller provides, or is obligated to provide, as described in in the Enterprise Contract Listing. 14.24 “System Data” means data and data elements (excluding Buyer Data) collected by the SaaS Software, SaaS Service or Seller’s computer systems regarding configuration, environment, usage and performance of the SaaS Software or SaaS Service that may be used to generate logs, statistics and reports regarding performance, availability, integrity and security of the SaaS Software. 14.25 “User” means an employee, non-employee worker or other member of Buyer or any of Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 16 of 19 its Affiliates’ workforces, Contractor of Buyer or any of its Affiliates or other person or software program or computer systems authorized by Buyer or any of its Affiliates to access and use the Software as permitted under this Agreement. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 17 of 19 Addendum 1 General Data Protection Regulation Data Processing Addendum for AWS Marketplace Cloud Software Contract (European Economic Area & Switzerland) This Data Processing Addendum (this “Addendum”), is part of the AWS Marketplace Cloud Software Contract (the “Enterprise Contract”) between Seller (who is the data processor) and Buyer (who is the data controller) and governs Seller’s processing of Personal Data to the extent such Personal Data relates to natural persons in the European Economic Area or Switzerland in connection with Seller’s provision of the services described in the Enterprise Contract (“Services”). All capitalized terms used but not defined in this Addendum have the meanings given to them in the Enterprise Contract. Processing of Personal Data 1. Instructions from the Controller. Notwithstanding anything in the Enterprise Contract to the contrary, Seller will only process Personal Data in order to provide the Services to Buyer, in accordance with Buyer’s written instructions, or as required by applicable Law. Seller will promptly inform Buyer if following Buyer instructions would result in a violation of applicable data protection law or where Seller must disclose Personal Data in response to a legal obligation (unless the legal obligation prohibits Seller from making such disclosure). 2. Confidentiality. Seller will restrict access to Personal Data to those authorized persons who need such information to provide the Services. Such authorized persons are obligated to maintain the confidentiality of any Personal Data. 3. Sensitive Information. Buyer will inform Seller if Personal Data falls into any special categories of personal data as defined in Article 9(1) of Regulation (EU) 2016/679. 4. Security. Seller will implement appropriate technical and organizational measures to ensure a level of security appropriate to the Personal Data provided by Buyer and processed by Seller. Such security measures will be at least as protective as the security requirements set forth in Section 8.5 of the Enterprise Contract. 5. Sub-processors. Buyer agrees that Seller, a processor, may engage other processors (“Sub-processors”) to assist in providing the Services consistent with the Enterprise Contract. Seller will make a list of such Sub- processors available to Buyer prior to transferring any Personal Data to such Sub-processors. Seller will notify Buyer of any changes to the list of Sub-processors in order to give Buyer an opportunity to object to such changes. 6. Sub-processor Liability. Where Seller engages another processor for carrying out specific processing activities on behalf of Buyer, the same data protection obligations as set out in this Addendum will be imposed on that other processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the EU data protection law. Where that other processor fails to fulfil its data protection obligations, Seller shall remain fully liable to the Buyer for the performance of that other processor’s obligations. 7. Access Requests. Seller has implemented and will maintain appropriate technical and organizational measures needed to enable Buyer to respond to requests from data subjects to access, correct, transmit, limit processing of, or delete any relevant Personal Data held by Seller. 8. Recordkeeping. Upon a request issued by a supervisory authority for records regarding Personal Data, Seller will cooperate to provide the supervisory authority with records related to processing activities performed on Buyer’s behalf, including information on the categories of Personal Data processed and the purposes of the processing, the use of service providers with respect to such processing, any data disclosures or transfers to third Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 18 of 19 parties and a general description of technical and organizational measures to protect the security of such data. 9. Cooperation. Seller will cooperate to the extent reasonably necessary in connection with Buyer’s requests related to data protection impact assessments and consultation with supervisory authorities and for the fulfillment of Buyer’s obligation to respond to requests for exercising a data subject’s rights in Chapter III of Regulation (EU) 2016/679. Seller reserves the right to charge Buyer for its reasonable costs in collecting and preparing Personal Data for transfer and for any special arrangements for making the transfer. 10. Third Party Requests. If Seller receives a request from a third party in connection with any government investigation or court proceeding that Seller believes would require it to produce any Personal Data, Seller will inform Buyer in writing of such request and cooperate with Buyer if Buyer wishes to limit, challenge or protect against such disclosure, to the extent permitted by applicable Law. 11. Transfer of Personal Data; Appointment. Buyer authorizes Seller to transfer, store or process Personal Data in the United States or any other country in which Seller or its Sub-processors maintain facilities. Buyer appoints Seller to perform any such transfer of Personal Data to any such country and to store and process Personal Data in order to provide the Services. Seller will conduct all such activity in compliance with the Enterprise Contract, this Addendum, applicable Law and Buyer instructions. 12. Retention. Personal Data received from Buyer will be retained only for so long as may be reasonably required in connection with Seller’s performance of the Enterprise Contract or as otherwise required under applicable Law. 13. Deletion or Return. When instructed by Buyer, Seller will delete any Personal Data or return it to Buyer in a secure manner and delete all remaining copies of Personal Data after such return except where otherwise required under applicable Law. Seller will relay Buyer’s instructions to all Sub-processors. 14. Breach Notification. After becoming aware of a Personal Data breach, Seller will notify Buyer without undue delay of: (a) the nature of the data breach; (b) the number and categories of data subjects and data records affected; and (c) the name and contact details for the relevant contact person at Seller. 15. Audits. Upon request, Seller will make available to Buyer all information necessary, and allow for and contribute to audits, including inspections, conducted by Buyer or another auditor mandated by Buyer, to demonstrate compliance with Article 28 of Regulation (EU) 2016/679. For clarity, such audits or inspections are limited to Seller’s processing of Personal Data only, not any other aspect of Seller’s business or information systems. If Buyer requires Seller to contribute to audits or inspections that are necessary to demonstrate compliance, Buyer will provide Seller with written notice at least 60 days in advance of such audit or inspection. Such written notice will specify the things, people, places or documents to be made available. Such written notice, and anything produced in response to it (including any derivative work product such as notes of interviews), will be considered Confidential Information and, notwithstanding anything to the contrary in the Enterprise Contract, will remain Confidential Information in perpetuity or the longest time allowable by applicable Law after termination of the Enterprise Contract. Such materials and derivative work product produced in response to Buyer’s request will not be disclosed to anyone without the prior written permission of Seller unless such disclosure is required by applicable Law. If disclosure is required by applicable Law, Buyer will give Seller prompt written notice of that requirement and an opportunity to obtain a protective order to prohibit or restrict such disclosure except to the extent such notice is prohibited by applicable Law or order of a court or governmental agency. Buyer will make every effort to cooperate with Seller to schedule audits or inspections at times that are convenient to Seller. If, after reviewing Seller’s response to Buyer’s audit or inspection request, Buyer requires additional audits or inspections, Buyer acknowledges and agrees that it will be solely responsible for all costs incurred in relation to such additional audits or inspections. Enterprise Contract for AWS Marketplace CONFIDENTIAL Page 19 of 19