SYMANTEC ONLINE SERVICES TERMS AND CONDITIONS AND SERVICE DESCRIPTION FOR SYMANTEC CLOUD WORKLOAD PROTECTION FOR STORAGE These SYMANTEC ONLINE SERVICES TERMS AND CONDITIONS are entered into as of the Effective Date specified in the Order Confirmation, and are made by and between the Symantec entity issuing the Order Confirmation ("Symantec") and the end user of the Online Services ("Customer", "You" or "Your") together, the "Parties." This "Agreement" means collectively these terms and conditions, as well as the specific Service Description for each Online Service as well as any quote, if applicable. In the event of a conflict, the following order of precedence applies: these Online Services Terms and Conditions, any quote (if applicable), and the Service Description. The Parties agree as follows: 1. DEFINITIONS. Capitalized Terms shall have the meanings set forth below. a) "Customer Content" means, any information provided by You to use the Online Service, including, but not limited to, Personal Information and Network Data. b) "Emergency Maintenance" means unscheduled maintenance periods which during which Service may be disrupted or prevented due to non-availability of the Service Infrastructure or any maintenance for which Symantec could not have reasonably prepared for the need for such maintenance, and failure to perform the maintenance would adversely impact Customer. c) "Meter" means the applicable unit(s) of measurement by which Symantec prices and sells a Subscription to an Online Service, in effect at the time of the Order Confirmation. d) "Network Data" means network traffic data that Symantec may receive, store, and/or process to configure and provide the Online Service, and/or to provide any included support for the Online Service, including but not limited to time of transaction, User IP address, username, URL, URL category, status (success or error), file type, filter result (allowed or denied), virus ID, and other metadata (e.g. browser software used), and any other network traffic (and data related thereto) sent to or received from You through use of the Online Service, in detail and/or in an aggregated form. e) "Order Confirmation" means the electronically-generated confirmation that Symantec sends to You to confirm a purchase of the applicable Online Services, as well as Subscription Term, whether ordered directly from Symantec or through a Symantec authorized resellers. f) "Online Service" means any Symantec branded solution delivered over the Internet and/or hosted or managed by Symantec and made available via a network, including any "Service Component(s)" which means certain enabling software, hardware peripherals and associated documentation which may be separately provided by Symantec as an incidental part of an Online Service. g) "Personal Information" means information provided to Symantec by You, or collected by Symantec on behalf of You in connection with the Online Services, and (1) that relates to an identified or identifiable natural person, and (2) that is protected under applicable data protection laws. Personal Information may include: (i) provisioning data, such as names, e-mail address, IP address and contact details of Customer designated users and contacts for the Online Service(s), necessary to configure the Online Service(s) or any subsequent service call as described in the Agreement; and (ii) some log data which may include certain source and destination IP addresses, host name, username, and policy names. h) "Planned Maintenance" means scheduled maintenance periods during which Service may be disrupted or prevented due to non-availability of the Service infrastructure. i) "Service Description" means Symantec's published description of an Online Service's features, including, but not limited to, any service-specific additional terms and requirements that are specified in this Agreement. j) "Subscription" means, for purposes of this Agreement, a fixed term right to access, use and/or benefit from an Online Service as defined in each Order Confirmation. k) "Subscription Term" means the period of time for which a Subscription is valid, as defined in each Order Confirmation. 2. SUBSCRIPTION AND ONLINE SERVICES RIGHTS GRANTED. Symantec grants You the right to use the Online Services, under this Agreement, in the Meter amount ordered and for the Subscription Term, within the use limitations shown in the applicable Service Descriptions. Any guidelines for eligibility to purchase Online Services may be outlined in a separately published guide. 3. USE OF ONLINE SERVICES a) Initial Account and Service Set-Up. You must provide Symantec with all reasonably necessary Customer Content to allow Symantec to provision and deliver each Online Service. b) Acceptable Use of Online Services. You may use the Online Services i) for Your internal business purpose, ii) up to the Meter amount for which You have purchased a Subscription, iii) only for lawful business purposes, and iv) in accordance with any acceptable use policy published by Symantec and the applicable Service Description. If You do not comply with these requirements, Symantec reserves the right to immediately suspend all or part of the Online Services during such non-compliance, without compensation to You of any kind. c) Customer Configurations. The Online Services do not include Your configurations, nor policies and procedures implemented and set by You that are available through the Online Services. You acknowledge and agree that You are solely responsible for selecting Your configurations and assuring that the selection conforms to Your policies and procedures and complies with all applicable laws and regulations in jurisdictions in which You are accessing the Online Services. d) Changes to Subscription Meter Amounts. For Subscriptions that are invoiced in arrears, You can change Your Subscription Meter amount at any time, without having to submit any additional order to Symantec for such changes. For Subscriptions that are invoiced in advance, You may increase Your Subscription Meter amount at any time, by submitting an order for additional Online Services. If Your current use of an Online Service exceeds the Meter amount shown on Your applicable Order Confirmation(s), then You must promptly submit a new order for the additional use, which will be invoiced at the then-current rates, or as mutually agreed upon by the Parties, through the current Subscription Term, and Your aggregate Meter amount will be the basis for any renewal of the Subscription. Symantec reserves the right to invoice You for any additional use, at the then-current rates, if a corresponding order is not promptly received. Each additional order will be subject to the then-current version of this Agreement. 4. SUBSCRIPTION TERM; AUTOMATIC RENEWAL a) Subscription Term and Automatic Renewal Option. The Subscription Term will start on the date indicated on the Order Confirmation. If Your Order Confirmation indicates that the Subscription will automatically renew for the Online Service, then Your account will be invoiced without further action by You on the renewal date for the aggregate Meter amount at the end of the previous Subscription Term. If Your Order Confirmation does not indicate automatic renewal, then You must contact Symantec or Your reseller prior to the expiration of Your current Subscription Term to continue to access the Online Services beyond the end of the Subscription Term. b) Automatic Renewal Opt Out. For Subscriptions that automatically renew, You may opt out of the automatic renewal option at any time by contacting Your reseller or by contacting Symantec at customercare@symantec.com. In the event that Symantec ceases to offer automatic renewal for specific Online Services, Symantec will provide notification to Your then-current business or technical contact, and/or by publication on the applicable administrator portal for the Online Service(s). c) Pay for Use Option. Notwithstanding a) and b) above, for Online Services that offer a pay for use option, as specified in the Service Description or applicable program guide, Your invoices will be based upon Your actual usage in the preceding month with or without an upfront commitment. You will continue to be invoiced so long as You continue to use the Online Services. d) End of Online Service Availability. Symantec will aim to provide twelve (12) months' notice of the last date of an Online Service's availability. Symantec will provide such notification to Your then-current business or technical contact, and/or by publication on the applicable administrator portal for the Online Service(s). Once an Online Service is no longer available, You will no longer have access to or use of the Online Service. 5. TERM; TERMINATION a) Term. The Term of this Agreement will begin on the Effective Date as indicated above and continue unless terminated as specified below. b) Right to Termination. (i) If You have chosen the automatic renewal option for Your Subscriptions, then You may cancel these at any time. For Subscriptions that are not subject to automatic renewal and are paid in advance, such Subscriptions are non-cancellable and payments for such Subscriptions are non-refundable. For Subscriptions that are invoiced on a monthly basis and/or have not been paid in advance then the Parties may cancel orders for Subscriptions upon thirty (30) days' written notice before the end of Your next billing cycle. (ii) This Agreement and each individual Subscription may be terminated by either Party if the other Party breaches any material term of this Agreement and such breach remains uncorrected for thirty (30) days following written notice; or immediately, if the other Party becomes the subject of a voluntary or involuntary petition in bankruptcy or any involuntary proceeding relating to insolvency, receivership, liquidation, or similar action for the benefit of creditors as a consequence of debt, or if the other Party otherwise ceases or threatens to cease business. c) Effect of Termination. Upon termination of an individual Subscription, the Agreement and all other Subscriptions will continue. Upon termination of this Agreement in whole, all current Subscriptions will be terminated immediately. Termination of this Agreement will be without prejudice to any rights or liabilities accrued as of the date of termination. Symantec is entitled to invoice and be paid for all Online Services provided up to the effective date of termination, and all invoices become immediately then due and payable. Any provision of the Agreement, which is intended to survive expiration or termination will survive, including, without limitation, confidentiality, restrictions on use of intellectual property, indemnity, limitations on liability and disclaimers of warranties and damages, governing law, and Your payment obligations accrued prior to termination. 6. PRICING; INVOICES; FEES; PAYMENT; TAXES. THE FOLLOWING TERMS SHALL APPLY ONLY IN THE EVENT THAT SYMANTEC ACCEPTS CUSTOMER'S ORDERS DIRECTLY. a) Pricing. Symantec reserves the right to change its pricing at any time. Symantec may change its pricing for an Online Service by publishing, quoting or invoicing You for the updated pricing and will aim to provide advance notice before such changes take effect. b) Invoices. Symantec reserves the right to invoice immediately upon acceptance of an Online Service(s) order. If You require a purchase order document ("PO"), in order for Symantec to process Your payment of an invoice, then such PO must include sufficient detail to allow Symantec to accept and accurately fulfill Your order. Depending on the Online Service Subscription model You select, Symantec will either (i) invoice You for the Online Services in advance, or (ii) invoice You in arrears. Such invoicing schedule will be defined in the Order Confirmation. Symantec reserves the right to begin invoicing You, even if Symantec cannot provide the Online Services due to Your act or omission or failure to provide required information. c) Fees and Payment. You will pay Symantec the fees agreed to by the Parties ("Fees") within thirty (30) days from the date of invoice unless otherwise mutually agreed to in writing by the Parties. Your order may contain Online Services that are invoiced in advance or in arrears. If any sum payable to Symantec is not paid by the due date, Symantec reserves the right, without prejudice to any other remedy, to (i) charge interest on such overdue sum on a day to day basis from the due date until paid in full the lesser of one percent (1%) per month or the maximum rate permitted by applicable law; and/or (ii) suspend the provision of the Online Services upon five (5) days prior notice, until paid in full. d) Taxes. You are responsible for all taxes, customs duties, import fees or other similar charges, and all other mandatory payments imposed by government entities with respect to the Online Services or other items provided under this Agreement, excluding tax imposed on Symantec's net income and withholding taxes (subject to the condition of providing withholding tax payment receipts, as set forth below). Symantec will bill applicable taxes as a separate item. If a transaction is exempt from tax, You will provide Symantec with a valid exemption certificate or other evidence of such exemption in a form acceptable to Symantec. If You are required by law to withhold any tax from the payment, You will provide Symantec with original or certified copies of all tax payment receipts or other evidence of payment of taxes by You with respect to transactions under this Agreement. If You fail to provide Symantec with such tax payment receipts, if applicable, then You will reimburse Symantec for any fines, penalties, taxes and other governmental agency charges resulting from such failure. 7. PURCHASING THROUGH RESELLER. If You order from a Symantec reseller ("Reseller"), then all provisions related to pricing, invoicing, fees, payments and taxes shall be as agreed between You and Reseller. Symantec will not be liable for any agreement between You and Reseller for any other account administration on Your behalf. 8. WARRANTY. Symantec warrants that it provides Online Services using reasonable care and skill in accordance with the corresponding Services Description and within the industry standards. The warranty for an Online Service ends when the Online Service ends. SYMANTEC DOES NOT WARRANT UNINTERRUPTED OR ERROR-FREE OPERATION OF AN ONLINE SERVICE OR THAT SYMANTEC WILL CORRECT ALL DEFECTS OR PREVENT THIRD PARTY DISRUPTIONS OR UNAUTHORIZED THIRD PARTY ACCESS. THESE WARRANTIES ARE THE EXCLUSIVE WARRANTIES FROM SYMANTEC AND REPLACE ALL OTHER WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OR CONDITIONS OF SATISFACTORY QUALITY, MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. SYMANTEC'S WARRANTIES WILL NOT APPLY IF THERE HAS BEEN MISUSE, MODIFICATION, DAMAGE NOT CAUSED BY SYMANTEC, FAILURE TO COMPLY WITH INSTRUCTIONS PROVIDED BY SYMANTEC, OR AS OTHERWISE STATED IN SYMANTEC'S PUBLISHED POLICY, NON-SYMANTEC BRANDED SERVICES ARE SOLD UNDER THE AGREEMENT AS-IS, WITHOUT WARRANTIES OF ANY KIND. IN THE EVENT THAT YOU TEST THE BETA VERSION OF AN ONLINE SERVICE, YOU ACKNOWLEDGE THAT THE BETA ONLINE SERVICE IS UNTESTED, PRELIMINARY IN FORM AND/OR IN A TEST ENVIRONMENT. THE BETA ONLINE SERVICE IS PROVIDED "AS IS" WITH NO WARRANTIES OR REPRESENTATIONS WHATSOEVER. THE TERMS OF THE SERVICE LEVEL AGREEMENT (IF ANY) SHALL NOT APPLY TO ANY BETA ONLINE SERVICES. 9. INTELLECTUAL PROPERTY. The intellectual property rights in the Online Services are and will remain Symantec property or that of Symantec's licensors. 10. DEFENSE OF THIRD PARTY CLAIMS. a) By Symantec. Symantec will defend You against any claims asserting that the Online Services infringe any intellectual property right of a third party, and will pay any and all damages finally awarded by a court and actually paid by You, or agreed to in a final settlement by Symantec and attributable to such claim. Symantec's obligations under this provision are subject to Your doing the following: notifying Symantec of the claim in writing, as soon as You learn of it; providing Symantec with all reasonable assistance and information to enable Symantec to perform Symantec's duties under this Section; allowing Symantec sole control of the defense and all related settlement negotiations; and not having compromised or settled such claim. Notwithstanding the foregoing, You may participate at Your expense in the defense of any such claim with Your own counsel, provided that Symantec retains sole control of the claim. You have the right to approve any settlement that affirmatively places on You an obligation that has a material adverse effect on You other than the obligations to cease using the affected Online Service or to pay sums indemnified under this Section. Such approval will not be unreasonably withheld. If the Online Services are found to infringe, or if Symantec determines in Symantec's sole opinion that the Online Services are likely to be found to infringe, then Symantec will either (i) obtain for You the right to continue to use the Online Services; or (ii) modify the Online Service (including, if applicable, any Service Component(s)) so as to make it non-infringing, or replace it with a non-infringing equivalent substantially comparable in functionality, (and in the case of infringing Service Components, You will stop using any infringing version of such Service Components); or, if Symantec determines in its sole opinion that "(i)" and/or "(ii)" are not reasonable, Symantec may (iii) terminate Your rights and Symantec's obligations under this Agreement with respect to such Online Services, and in such case shall refund to You the pre-paid fees for the relevant Online Services. Notwithstanding the above, Symantec will not be liable for any infringement claim to the extent that it is based upon: (1) modification of the Online Services other than by Symantec; (2) combination, use, or operation of the Online Services with products not specifically authorized by Symantec to be combined with the Online Services; (3) use of the Online Services other than in accordance with this Agreement; or (4) Your continued use of infringing Online Services after Symantec, for no additional charge, supplies or offers to supply modified or replacement non-infringing Online Services. THIS SECTION "INDEMNITY" STATES YOUR SOLE AND EXCLUSIVE REMEDY AND SYMANTEC'S SOLE AND EXCLUSIVE LIABILITY REGARDING INFRINGEMENT OR MISAPPROPRIATION OF ANY INTELLECTUAL PROPERTY RIGHTS OF A THIRD PARTY. b) Indemnification by Customer. You agree, at Symantec's request to defend, to indemnify Symantec against and hold Symantec harmless from any and all claims, actions, losses, costs, fines and expenses that Symantec may incur as a result of: (i) any breach by You of the Section entitled "Acceptable Use of Online Services", (ii) Your unauthorized use of the Online Service in a manner not contemplated by the Services Description, or (iii) any third party, including without limitation any regulatory authority claim in relation to Customer Content. 11. CONFIDENTIALITY. "Confidential Information" means, for purposes of this Agreement, the non-public information exchanged by the Parties, provided that such information is: (1) identified as confidential at the time of disclosure by the disclosing Party ("Discloser"), or (2) disclosed under circumstances that would indicate to a reasonable person that the information ought to be treated as confidential by the Party receiving such information ("Recipient"). A Recipient may use the Confidential Information that it receives from the Discloser solely for the purpose of performing activities contemplated under this Agreement. For a period of five (5) years following the applicable date of disclosure of any Confidential Information, a Recipient will not disclose the Confidential Information to any third party. A Recipient will protect it by using the same degree of care, but no less than a reasonable degree of care, to prevent the unauthorized use, dissemination or publication as the Recipient uses to protect its own confidential information of a like nature. The Recipient may disclose the Confidential Information to its affiliates, agents and subcontractors with a need to know in order to fulfill the purpose of this Agreement, under a nondisclosure agreement at least as protective of the Discloser's rights as this Agreement. This Section 11 imposes no obligation upon a Recipient with respect to Confidential Information which: (i) is or becomes public knowledge other than by breach of this Agreement; (ii) was in the Recipient's possession before receipt from the Discloser and was not subject to a duty of confidentiality; (iii) is rightfully received by the Recipient without any duty of confidentiality; (iv) is disclosed generally to a third party by the Discloser without a duty of confidentiality on the third party; or (v) is independently developed by the Recipient without use of the Confidential Information. The Recipient may disclose the Discloser's Confidential Information as required by law or court order provided: (1) the Recipient promptly notifies the Discloser in writing of the requirement for disclosure, if legally permissible; and (2) discloses only as much of the Confidential Information as is required. Upon request from the Discloser or upon termination of the Agreement, the Recipient will aim to return all Confidential Information and all copies, notes, summaries or extracts thereof or certify destruction of the same. Each party will retain all right, title and interest to such party's Confidential Information. The parties acknowledge that a violation of the Recipient's obligations with respect to Confidential Information may cause irreparable harm to the Discloser for which a remedy at law would be inadequate. Therefore, in addition to any and all remedies available at law, Discloser will be entitled to seek an injunction or other equitable remedies in all legal proceedings in the event of any threatened or actual violation of any or all of the provisions. 12. USE AND PROTECTION OF CUSTOMER CONTENT - DATA PROTECTION As part of the use of Online Service(s), You will provide Personal Information to Symantec. By using the Online Service(s) You acknowledge that the Online Service(s) meet(s) Your requirements and processing instructions. For the purpose of this Agreement, Symantec uses the terms "Data Controller" and "Data Processor" as they are defined by applicable data protection laws and regulations ("Data Protection Laws"). You acknowledge and agree that as Data Controller, You shall comply with all applicable Data Protection Laws, and be solely responsible for providing any notices and/or obtaining any consents necessary for Symantec to process Personal Information under the Agreement including in the circumstances when Symantec is a Data Controller. You must ensure that You provide access to, or incorporate, Symantec's privacy terms, including its privacy statements, as available at www.symantec.com. As a Data Processor, Symantec shall only process Personal Information on behalf of and in accordance with Your instructions. You instruct Symantec to process Personal Information for the following purposes: i) provide the Online Service(s) in accordance with this Agreement, the Service Description(s), as instructed by You, provided always that such instructions are not incompatible with the terms of the Agreement, and ii) to administer and enforce Symantec's agreements with You. Symantec will be a Data Controller in certain circumstances. For example, and only to the extent permitted by applicable law or regulation, Symantec will process Personal Information: (i) to generate statistical reports and analysis about use of the Online Service(s) (including analysis related to security trends and data patterns, and comparisons in Symantec's aggregated install base) (collectively "Reports"); (ii) for internal research and development (e.g., improving Symantec's products and services or the detection of malware); (iii) for providing general security related services or research; (iv) as provided in the applicable Symantec privacy statements; or (v) as required by applicable law, regulation or judicial process. Subject to the anonymization of Personal Information and any information that could identify You, Symantec may publish, distribute or otherwise make public the Reports (in compiled or original formats) for the purposes of providing computer security information. Symantec will maintain appropriate administrative, technical, organizational, and physical safeguards for the Symantec Network as defined below designed to (i) protect the security and integrity of the Symantec Network, and (ii) protect against accidental, unauthorized, or unlawful access, use, alteration or disclosure of, loss, destruction or damage to, or any other unlawful form of processing of Customer Content. The "Symantec Network" means Symantec's data center facilities, servers, and networking equipment/software involved in hosting Customer Content that is under Symantec's reasonable control and are used to provide the Online Service(s). Symantec's security standards will be substantially equivalent to the generally accepted security standards in the IT industry for Online Service(s). Symantec will conform to the security standards during the Subscription Term. You acknowledge and agree that (i) the Symantec Network used by Symantec to process Personal Information as provided in this Agreement will be located within the European Economic Area ("EEA") and/or in countries that may have less protective data protection laws ("Third Country/ies");and that (ii) Symantec affiliates and other non-affiliated third party providers may be retained as sub-processors, worldwide ("Sub-Processors") to fulfil its contractual obligations under this Agreement or to provide certain services on its behalf and that they will therefore process Personal Information. Where Symantec authorizes any Sub-Processor as described in this Section, Symantec will restrict the Sub-Processor's access to Personal Information only to what is necessary to maintain the Online Service(s) or to provide the Online Service(s) to You in accordance with the Agreement and Symantec will prohibit the Sub-Processor from accessing Personal Information for any other purposes; and Symantec will impose appropriate contractual obligations in writing upon the Sub-Processor that are no less protective than this Agreement; and Symantec shall be liable for the acts and omissions of its Sub-Processors to the same extent Symantec would be liable if performing the services of each Sub-Processor directly under the Agreement. Any transfer of Personal Information to any Sub-Processor(s) established in a Third Country/ies, if required by Data Protection Laws, will be subject to appropriate data transfer agreements (including Standard Contractual Clauses) with such Sub-Processor(s), unless the transfer of such Personal Information occurs via an alternative means permitted by applicable Data Protection Laws. Contact the following for any questions or to access Your Personal Information: Symantec Corporation - Privacy Program Office, 350 Ellis Street, PO Box 7011, Mountain View, CA 94043, U.S.A. Email: privacyteam@symantec.com. 13. LIMITATION OF LIABILITY. a) Nothing in this Agreement shall exclude or limit: (i) Symantec's liability for death or personal injury caused by its negligence; (ii) any fraudulent pre-contractual misrepresentations made by Symantec on which Customer can be shown to have relied; (iii) either party's obligations outlined in Section 10; or (iv) any other liability which cannot be excluded by law. b) TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH IN THIS AGREEMENT FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC OR ITS SUPPLIERS BE LIABLE TO CUSTOMER, WHETHER IN CONTRACT, TORT OR OTHERWISE, FOR (i) ANY SPECIAL, CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES; OR II) ANY COSTS OF PROCUREMENT OF SUBSTITUTE OR REPLACEMENT GOODS AND SERVICES, LOSS OF PROFITS, LOSS OF USE, LOSS OF OR CORRUPTION TO DATA, BUSINESS INTERRUPTION, LOSS OF PRODUCTION, LOSS OF REVENUES, LOSS OF CONTRACTS, LOSS OF GOODWILL, ANTICIPATED SAVINGS, WASTED MANAGEMENT AND STAFF TIME; WHETHER ARISING DIRECTLY OR INDIRECTLY OUT OF THIS AGREEMENT OR USE OF THE ONLINE SERVICES, EVEN IF SYMANTEC OR ITS SUPPLIERS HAVE BEEN ADVISED SUCH DAMAGES OR LOSSES MIGHT OCCUR. c) SUBJECT TO SECTIONS A) AND B), TO THE EXTENT PERMITTED BY APPLICABLE LAW, SYMANTEC'S OR SYMANTEC'S SUPPLIERS' TOTAL LIABILITY FOR ALL CLAIMS ARISING UNDER THIS AGREEMENT IS LIMITED TO DIRECT DAMAGES UP TO THE FOLLOWING AMOUNTS: I) FOR ONLINE SERVICES, THE AMOUNT YOU WERE REQUIRED TO PAY FOR THE APPLICABLE ONLINE SERVICE DURING THE TWELVE (12) MONTHS BEFORE THE CAUSE OF ACTION AROSE OR II) FOR BETA ONLINE SERVICES UP TO U.S. $5,000. THE DISCLAIMERS AND LIMITATIONS SET FORTH ABOVE WILL APPLY REGARDLESS OF WHETHER OR NOT CUSTOMER ACCEPTS THE ONLINE SERVICES. 14. U.S. GOVERNMENT RESTRICTED RIGHTS. This Section 14 applies only to U.S. Government entities. The Online Service is deemed to be commercial computer software for purposes of FAR 12.212. Any use, modification, reproduction release, performance, display or disclosure of the Online Service by the U.S. Government shall be solely in accordance with the terms of this Agreement, and except as otherwise explicitly stated in this Agreement all provisions of this Agreement shall apply to the U.S. Government. 15. GENERAL. (a) Symantec is an independent contractor and shall not be deemed Your employee or agent; (b) Symantec has the right to subcontract the performance of the Online Services to third parties, provided that Symantec remains responsible for the contractual obligations according to the Agreement. (c) All notices of breach, termination or the like will be in writing and addressed to the receiving party's current business contact, if known, with a cc: to the General Counsel/Legal Department of the receiving party and sent to the party's address as stated in the Order Confirmation, or as updated by either party in writing. Notices shall be effective upon receipt and shall be deemed received as follows: (i) if personally delivered by courier, when delivered, or (ii) if mailed by first class mail, or the local equivalent, on the fifth business day after posting with the proper address. (d) You may not assign the rights granted under the Agreement, in whole or in part and whether by operation of contract, law or otherwise, without Symantec's prior written consent. Such consent will not be unreasonably withheld or delayed. (e) Each party will be excused from performance, other than payment obligations, for any period during which, and to the extent that, it is prevented from performing any obligation or service, in whole or in part, due to unforeseen circumstances or to causes beyond such party's reasonable control including but not limited to war, strike, riot, crime, acts of God, or shortages of resources. (f) If You are is located in North America or Latin America, this Agreement will be governed by the laws of the State of California, United States of America. If You are located in China, this Agreement will be governed by the laws of the Peoples Republic of China. If You are otherwise located in Asia Pacific, this Agreement is governed by the laws of Singapore. If You are located in Europe, Middle East, or Africa, this Agreement will be governed by the laws of England and Wales. Such governing laws are exclusive of any provisions of the United Nations Convention on Contracts for Sale of Goods, including any applicable amendments, and without regard to principles of conflicts of law. (g) If any provision of the Agreement is found partly or wholly illegal or unenforceable, such provision will be enforced to the maximum extent permissible, and the legality and enforceability of the other provisions will remain in full force and effect. A waiver of any breach or default under the Agreement will not constitute a waiver of any other right for subsequent breach or default. No person other than a party to the Agreement will be entitled to enforce any term of it except as expressly provided in the Agreement. (h) You acknowledge and agree that the Online Services (and applicable Services Components) and any related download or technology ("Controlled Technology") may be subject to applicable export control and trade sanction laws, regulations, rules and licenses, and that You are on notice of the information published by Symantec on http://www.symantec.com/about/profile/policies/legal.jsp, or successor website, and will comply with the foregoing, and with such further export restrictions that may govern individual Online Services, as specified in the relevant Service Descriptions. (i) Notwithstanding the foregoing, Symantec may revise Online Service(s) and/or Service Descriptions at any time for the following reasons: (i) it becomes necessary due to applicable laws or industry standards, including, without limitation, any change of the foregoing; (ii) it becomes necessary for technological reasons when any change is made without materially degrading the Online Service(s) functionality; (iii) it becomes necessary to maintain the operation of the Online Service when any change is made without materially degrading the Online Service(s) functionality; or (iv) changes are in Your favor. (j) The terms of this Agreement are the complete and exclusive agreement between the parties with respect to the subject matter of this Agreement, and supersedes any previous or contemporaneous agreement, proposal, commitment, representation, or other communication whether oral or written between the Parties regarding such subject matter. The Agreement prevails over any conflicting or additional terms of any purchase order, ordering document, acknowledgement or confirmation or other document issued by You, even if signed and returned. If this Agreement is translated in any language other than the English language, and in the event of a conflict between the English language version and the translated version, the English language version shall prevail in all respects. SERVICE DESCRIPTION FOR SYMANTEC CLOUD WORKLOAD PROTECTION FOR STORAGE 1. TECHNICAL/BUSINESS FUNCTIONALITY AND CAPABILITIES 1.1 Service Overview Symantec Cloud Workload Protection for Storage ("Service") is a service that secures data in Amazon Simple Storage Service ("Amazon S3"). 1.2 Service Features * The Service scans the Amazon S3 buckets for security threats by using antivirus features and other technologies like file reputation and advanced machine learning. * The Service provides protection at all times by scanning any file which gets uploaded, downloaded, updated or data at rest within Amazon S3. * Near real-time scan (NRTS) feature scans files as soon as they get created or modified in the Amazon S3 buckets. Scheduled scan periodically scans the Amazon S3 buckets with latest virus definitions and as per the defined scope & schedule. * The Service console facilitates monitoring the policy violations and the health status. * Customer can access the Service through a self-service online portal ("Portal"). Customer may configure and manage the Service, access reports, and view data and statistics, through the Portal, when available as part of the Service. * The Service is managed on a twenty-four (24) hours/day by seven (7) days/week basis and is monitored for hardware availability, service capacity and network resource utilization. The Service is regularly monitored for service level compliance and adjustments are made as needed. * The Service gathers appropriate context and metadata about the Amazon S3 buckets available as seen by the delegated role providing instant visibility into the bucket data. * Reporting for the Service is available through the Portal. Reporting may include activity logs and/or statistics. Customer may choose to generate reports through the Portal, which can be configured to be sent by email on a scheduled basis, or downloaded from the Portal. * Should a Service be suspended or terminated for any reason whatsoever, Symantec will reverse all configuration changes made upon provisioning the Service and it is the responsibility of Customer to undertake all other necessary configuration changes when the Service is reinstated. * Customers shall have access to the Service to download Events and Alerts information for up to 30 days after termination of the Service. 1.3 Service Enabling Software * This Service includes enabling software, which should be used only in connection with Customer's use of the Service during the Subscription Term ("Enabling Software"). Use of the Enabling Software is subject to the license agreement accompanying such software ("Software License Agreement"). If no Software License Agreement accompanies the Enabling Software, it is governed by the terms and conditions located at http://www.symantec.com/content/en/us/enterprise/eulas/b-hosted-service-component-eula-eng.pdf. In the event of conflict, the terms of this Service Description prevail over any such Software License Agreement. Customer must remove Enabling Software upon expiration or termination of the Service. 1.4 Service Hardware Components * If the Customer chooses to configure two-factor authentication, Customer may purchase such two-factor authentication token from Symantec. 2. CUSTOMER RESPONSIBILITIES 2.1 Symantec can only perform the Service if Customer provides required information or performs required actions, otherwise Symantec's performance of the Service may be delayed, impaired or prevented, as noted below. * Setup Enablement: Customer must provide information required for Symantec to begin providing the Service. * Adequate Customer Personnel: Customer must provide adequate personnel to assist Symantec in delivery of the Service, upon reasonable request by Symantec. * Customer must provide appropriate access to its Amazon (or Amazon Web Services) deloyments to the Service as defined in the Documentation to enable all the capabilities of the Service. * Renewal Credentials: If applicable, Customer must apply renewal credential(s) provided in the applicable Order Confirmation within its account administration, to continue to receive the Service, or to maintain account information and Customer data which is available during the Subscription Term. * Customer Configurations vs. Default Settings: Customer must configure the features of the Service through the Portal, if applicable, or default settings will apply. In some cases, default settings do not exist and no Service will be provided until Customer chooses a setting. Configuration and use of the Service(s) are entirely in Customer's control, therefore, Symantec is not liable for Customer's use of the Service, nor liable for any civil or criminal liability that may be incurred by Customer as a result of the operation of the Service. Some of the features are configured at the time of deployment of Enabling Software through AWS CFT inputs. * Some configurations can also be done through the Command Gateway (Command-line utility) provided along with the Enabling Software. * Customer must comply with all applicable laws with respect to use of the Service. * Customer is responsible for obtaining all approvals and consents required by any third parties in order for Symantec to provide the Service. Symantec is not in default of its obligations to the extent it cannot provide the Service either because such approvals or consents have not been obtained or any third party otherwise prevents Symantec from providing the Service. * Customer is responsible for its data, and Symantec does not endorse and has no control over what users submit through the Service. Customer assumes full responsibility to back-up and/or otherwise protect all data against loss, damage, or destruction. Customer acknowledges that it has been advised to back-up and/or otherwise protect all data against loss, damage or destruction. * Customer is responsible for its account information, password, or other login credentials. Customer agrees to use reasonable means to protect the credentials, and will notify Symantec immediately of any known unauthorized use of Customer account. 2.2 Acceptable Use Policy * Customer is responsible for complying with the Symantec Online Services Acceptable Use Policy available at https://www.websecurity.symantec.com/content/dam/websitesecurity/digitalassets/desktop/pdfs/repository/online-services-acceptable-use-policy-v6-en.pdf, or such other websites as Symantec may designate from time to time. 3. ENTITLEMENT AND SUBSCRIPTION INFORMATION Customer may use the Service only in accordance with the use meter or model under which Customer has obtained use of the Service: (i) as indicated in the applicable Order Confirmation; and (ii) as defined in this Service Description or the Agreement. 3.1 Charge Metrics The Service is available under the following Meters as specified in the Order Confirmation: * "Gigabyte (GB)"refers to the amount of digital information (i) that uses and/or benefits from the use of the Service, or (ii) that actually uses any portion of the Service. Usage is tracked and billed in Gigabytes of digital information scanned by the Service. * Customer pays in arrears for the Service based on the number of Gigabytes of digital information scanned by the Service in the prior month rounded up to the nearest whole Gigabyte. * Billing increments are computed by the Gigabytes with a minimum of one (1) Gigabyte. * Customer can run the Service without a predetermined limit. 3.2 Changes to Subscription If a Customer has received Customer's Subscription directly from Symantec, communication regarding permitted changes of Customer's Subscription must be sent to 3S_orders@symantec.com (or replacement address as published by Symantec), unless otherwise noted in Customer's agreement with Symantec. Any notice given according to this procedure will be deemed to have been given when received. If Customer has received Customer's Subscription through a Symantec reseller, please contact the reseller. 4. ASSISTANCE AND TECHNICAL SUPPORT 4.1 Customer Assistance. Symantec will provide the following assistance a part of the Service, during regional business hours: * Receive and process orders for implementation of the Service * Receive and process requests for permitted modifications to Service features; and * Respond to billing and invoicing questions 4.2 Technical Support. If Customer is entitled to receive technical support ("Support") from Symantec, the Support as specified in Exhibit-A is included with the Service. If Customer is entitled to receive Support from a Symantec reseller, please refer to Customer's agreement with that reseller for details regarding such Support, and the Support described in Exhibit-A will not apply to Customer. 5. ADDITIONAL TERMS * Customer may not disclose the results of any benchmark tests or other tests connected with the Service to any third party without Symantec's prior written consent. * The Service may be accessed and used globally, subject to applicable export compliance limitations and technical limitations in accordance with the then-current Symantec standards. * Any templates supplied by Symantec are for use solely as a guide to enable Customer to create its own customized policies and other templates. * Symantec reserves the right to modify and update the features and functionality of the Service, with the objective of providing equal or enhanced Service (as long as Symantec does not materially reduce the core functionality of the Service). Customer acknowledges and agrees that Symantec reserves the right to update this Service Description at any time during the Subscription Term to accurately reflect the Service being provided, and the updated Service Description will become effective upon posting. EXHIBIT-A TECHNICAL SUPPORT * Support is available on a twenty-four (24) hours/day by seven (7) days/week basis to assist Customer with configuration of the Service features and to resolve reported problems with the Service. * Whenever a Customer raises a problem, fault or request for Service information via telephone or web or portal submission with Symantec, its priority level is determined and it is responded to per the response targets defined in the table below. Faults originating from Customer's actions or requiring the actions of other service providers are beyond the control of Symantec and as such are specifically excluded from this Support commitment. PROBLEM SEVERITY-RESPONSE TARGET * Severity 1: a problem has occurred where no workaround is immediately available in one of the following situations: (i) Customer's production server or other mission critical system is down or has had a substantial loss of service; or (ii) a substantial portion of Customer's mission critical data is at a significant risk of loss or corruption. o RESPONSE TARGETS FOLLOWING ACKNOWLEDGEMENT: within 30 minutes * Severity 2: a problem has occurred where a major functionality is severely impaired. Customer's operations can continue in a restricted fashion, although long-term productivity might be adversely affected. o RESPONSE TARGETS FOLLOWING ACKNOWLEDGEMENT: within 2 hours * Severity 3: a problem has occurred with a limited adverse effect on Customer's business operations. o RESPONSE TARGETS FOLLOWING ACKNOWLEDGEMENT: by same time next business day * Severity 4: One of the following: a problem where Customer's business operations have not been adversely affected or a suggestion for new features or an enhancement regarding the Service or Enabling Software o RESPONSE TARGETS FOLLOWING ACKNOWLEDGEMENT: within the next business day; Symantec further recommends that Customer submit Customer's suggestion for new features or enhancements to Symantec's forums Maintenance. Symantec must perform maintenance from time to time. The following applies to such maintenance: * Planned Maintenance. For Planned Maintenance, Symantec will use commercially reasonable efforts to give Customer seven (7) calendar days' notification, via email, SMS, or as posted on the Portal. Symantec will use commercially reasonable efforts to perform Planned Maintenance at times when collective customer activity is low, in the time zone in which the affected Infrastructure is located, and only on part, not all, of the network. If possible, Planned Maintenance will be carried out without affecting the Service. During Planned Maintenance, Service may be diverted to sections of the Infrastructure not undergoing maintenance in order to minimize disruption of the Service. * Emergency Maintenance. Where Emergency Maintenance is necessary and is likely to affect the Service, Symantec will endeavor to inform the affected parties in advance by posting an alert on the applicable Portal no less than one (1) hour prior to the start of the Emergency Maintenance. * Routine Maintenance. Symantec will use commercially reasonable efforts to perform routine maintenance of Portals at times when collective Customer activity is low to minimize disruption to the availability of the Portal. Customer will not receive prior notification for these routine maintenance activities.