Legal

Red Hat Online Services Agreement

Last Updated May 22, 2020

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING RED HAT® SOFTWARE OR SERVICES. IN ORDER TO USE RED HAT SOFTWARE OR SERVICES, YOU MUST ACCEPT THE TERMS OF THIS AGREEMENT. BY USING RED HAT SOFTWARE OR SERVICES, YOU AGREE THAT YOUR USE IS GOVERNED BY THIS AGREEMENT. IF YOU ARE AN INDIVIDUAL ACTING ON BEHALF OF AN ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO ENTER INTO THIS AGREEMENT ON BEHALF OF THAT ENTITY. IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE RED HAT SOFTWARE OR SERVICES. YOU CONFIRM THAT YOU ARE AT LEAST 18 YEARS OLD OR THE AGE OF MAJORITY IN YOUR JURISDICTION. RED HAT MAY MODIFY THIS AGREEMENT FROM TIME TO TIME; PLEASE SEE SECTION 5 FOR DETAILS.

1. Framework. This Red Hat Online Services Agreement, which includes Appendix A, Appendix B and other documents incorporated by reference, (the "Agreement") is between Red Hat, Inc. and its applicable affiliates ("Red Hat") and the user of Red Hat software or services who accepts the terms of this Agreement ("You"). This Agreement is effective ("Effective Date") on the earlier of the date that You accept this Agreement or the date that You first use Red Hat Software or Services (defined below). This Agreement establishes a framework that will enable You to receive the services from Red Hat identified in Appendix A (the "Services"), which may include access to software and related materials (the "Software") and may require the payment of Fees (defined below). Appendix A sets forth additional terms applicable to specific Services and Software. As further described below, You agree to comply with the Red Hat Acceptable Use Policy, which is incorporated into this Agreement, the most recent version of which can be reviewed at https://www.openshift.com/legal/acceptable-use/ (the "Acceptable Use Policy"). As further described in Section 4.1 below, to the extent Red Hat processes Personal Data (as such term is defined in the Data Processing Addendum) disclosed to it by You as part of Your Content, the Data Processing Addendum shall apply to the parties. The Data Processing Addendum is attached hereto as Appendix B. Please read Appendix A, Appendix B and the Red Hat Acceptable Use Policy which describe terms that govern Your use of Services.

2. General Conditions of Use

2.1 Your Account. In order to access the Services, You will be required to create an account ("Your Account"). You may create only one account per email address and You must verify that the email address used in connection with Your Account is valid and will remain valid during the term of this Agreement. Your user name must be consistent with the Acceptable Use Policy and must not impersonate someone else or cause confusion as to source, affiliation or endorsement. You may not (or permit third parties to) create multiple accounts or otherwise access the Services in a manner that is intended to avoid Fees or to circumvent maximum capacity thresholds for the Services. You must maintain the confidentiality of Your password and Your Account information and are solely responsible for all activities and/or actions that occur with respect to Your Account whether by You or a third party user ("Your User").

2.2 Your Use. You agree to use the Services in accordance with, and comply with, all applicable laws and regulations and this Agreement, including but not limited to the Acceptable Use Policy and will not induce or solicit Your Users or other third parties to commit unlawful acts or to obtain unauthorized access to the Services. You agree not to interfere with Red Hat's ability to provide any of the Services to any other user or with another user's ability to receive the Services. You are solely responsible for determining the suitability of the Services for Your use in light of any applicable laws and/or regulations such as data protection and privacy laws and regulations. Red Hat makes no representations or warranties regarding the suitability of the Services for use by You, or the Services' compliance with the requirements of any applicable laws, regulations or industry standards.

2.3 Third Party Use. If You provide Your Users with access to Content (defined below) and/or the Services, You are responsible for any third party that You enable or authorize to have access to the Services and You will be deemed to have taken any action that You permit, facilitate or assist Your Users in taking relating to this Agreement, Content or use of the Services. You must ensure that Your Users comply with the terms of this Agreement, including the Acceptable Use Policy, and You agree that if You become aware of any violation by one of Your Users, You will terminate that User's access immediately. You will also implement an acceptable use policy that is consistent with the Red Hat Acceptable Use Policy. 

2.4 Failure to Comply; Suspension. You will immediately notify Red Hat if You suspect someone has breached this Agreement, the Acceptable Use Policy, or has obtained unauthorized access to Your Account, the Content (defined below) and/or the Services. If Red Hat has reason to believe that You or Your Users have breached this Agreement or the Acceptable Use Policy, Red Hat or its designated agent may inspect Your use of the Services, including Your Account, Content and records, to verify Your compliance with this Agreement. You will not interfere with our monitoring and will provide Content or other information regarding Your Account as may be reasonably requested by Red Hat to ensure Your use complies with this Agreement. Red Hat reserves the right (but has no obligation) to suspend or terminate Your access to the Services or disable Your or Your Users' Content if Red Hat, in its sole discretion, believes You have breached the terms of the Agreement, any policy to which we refer in this Agreement or have violated any applicable law. Red Hat shall have no liability with respect to such suspension or termination and You will continue to incur applicable Fees for the Services during any suspension.

2.5 Third Party Services. There may be third party software and/or services made available to You by Red Hat or third parties on or in connection with the Red Hat Online Services, any Red Hat marketplace or otherwise in connection with Your use of the Services ("Third Party Service(s)"). Red Hat provides no warranty, does not necessarily support and has not necessarily confirmed the validity, functionality or screened the content of such Third Party Services and any use is at Your own risk. Availability of such Third Party Services does not constitute an endorsement by Red Hat and availability of the Third Party Services does not necessarily mean that the Third Party Services will interoperate with any Red Hat Services, regardless of whether the Third Party Services are described as Red Hat "certified". The terms that apply to any Content you provide to the Third Party Service are solely between you and the Third Party Service and Your use of the Third Party Services is subject to the Third Party Service's policies. Any Third Party Service You receive is governed by the terms provided by such third party and you agree to abide by those terms and conditions. Red Hat and its licensors and vendors have no obligations and/or liability with respect to such third party or the Third Party Services. If You have agreed to receive the Third Party Services, You authorize Red Hat to grant the provider of such Third Party Services with access to Your Content and/or Your Account to the extent required to provide the Third Party Services or for interoperability with the Third Party Services. Third Party Services may be removed from or no longer available through the Services at any time.

3. Content and Data

3.1 Content. "Content" means any content or data, including but not limited to applications whether developed in connection with the Services or otherwise, software code, documentation, materials, information, text files, images and/or trademarks associated with Your Account or use of the Services and not provided by Red Hat. You are solely responsible for the use and deployment of Content in connection with the Services and in compliance with this Agreement and the Acceptable Use Policy. You represent and warrant that (a) You own all rights in, or have received a valid license or permission to use, Content, with rights, permissions or licenses sufficient to enable any activities in connection with the Services and (b) the use of Content by You, Your Users and/or Red Hat and its affiliates, vendors or subcontractors does not misappropriate or infringe, directly or indirectly, the intellectual property rights or any other rights of any third party, and that such use is lawful. You are prohibited from using the Services to store, create or deploy Content that is regulated under the International Traffic in Arms Regulations (ITAR). With regard to Content, You are solely responsible for compliance with the Acceptable Use Policy, this Agreement and all applicable laws and agree to remove immediately any Content that violates the Acceptable Use Policy, this Agreement or any applicable law. You are responsible for maintaining licenses and adhering to all license terms applicable to any Content used by You, Your Users, or Red Hat. Red Hat shall not be responsible under any circumstances for any claims, damages or other actions relating to Content, or Your or Your User's actions while using the Services.

3.2 Notices Regarding Content. You must immediately respond to any notice You receive claiming that Content violates a third party's rights, including without limitation notices under the Digital Millennium Copyright Act, and take corrective action, which may include but is not limited to promptly removing any such Content. You agree to implement a policy to respond to any and all such requests that You may receive regarding Your Users' Content.

3.3 Your Comments and Feedback. While using the Services, You may provide comments or feedback on the Services ("Feedback"). You understand and agree that Red Hat may use any such Feedback for any purpose, including implementing the Feedback in future versions of the Services, Software and/or other offerings without attribution or compensation and You grant Red Hat a perpetual and irrevocable license to use all Your Feedback for any purpose. You represent and warrant that Your Feedback will not include any of Your proprietary or confidential information or of any third party and that You have full authority to grant the foregoing license.

3.4 Your License Grant to Red Hat. You grant to Red Hat, and any third party service provider on whose services Red Hat may depend to provide the Services, a perpetual, worldwide, non-exclusive, non-transferable, royalty-free license to make, use, reproduce, prepare derivative works from, distribute, sell, offer to sell, import, perform and display Content for the purpose of providing the Services to You. Red Hat does not expect to access your Content or provide it to third parties except (a) as may be necessary to deliver, support or enhance the Services provided to you, (b) to investigate potential breaches of your agreements with Red Hat or to establish Red Hat's legal rights or defend against legal claims, (c) to detect, prevent or address fraud, technology or security issues, (d) to protect against harm to the rights, property or safety of Red Hat, its users or the public, or (e) as required by law or regulation (such as responding to a subpoena, warrant, audit or agency action). Red Hat may collect and use for any purpose aggregate anonymous data about your use of the Services. Except as set forth in this section, Red Hat obtains no rights in Content under this Agreement.

3.5 Backing up Content. You are solely responsible for backing up Content and otherwise using measures, as You deem necessary, to ensure that Content is not lost. You may lose any of the Content for which You do not maintain a copy outside of the Services. Red Hat and/or any of its vendors are not responsible to You, Your Users or any third party if Content is lost or deleted.

4. Data Privacy and Security

4.1 Data Processing and Transfer. To the extent Red Hat processes Personal Data (as such term is defined in the Data Processing Addendum) disclosed to it by You as part of Your Content, the Data Processing Addendum set forth in Appendix B shall apply to the parties. You acknowledge and agree that to provide the Services it may be necessary for Content or other information to be transferred between Red Hat, its affiliates, vendors and/or subcontractors, which may be located worldwide. You agree that Red Hat, its affiliates and/or subcontractors are acting as data processors or subprocessors on Your behalf, and You appoint us to process Your Content in order to provide the Services to You. Prior to providing us with any Content (including any Personal Data), You will provide any required disclosures to Your Users and obtain any necessary consent from Your Users whose Personal Data or other Content You will be transferring to Red Hat, its affiliates, vendors and/or subcontractors and hosting in Services. 

4.2 Privacy Policy. If You provide Your Users with access to an application You create in connection with the Services, You agree to protect the privacy of Your Users' data, including without limitation implementing and maintaining a privacy policy that complies with applicable law and notifying Your Users that their data will be stored on facilities accessible to Red Hat, its affiliates, vendors and subcontractors.

4.3 Data Security. You agree to use reasonable security precautions in light of Your use of the Services, including without limitation, where appropriate, encrypting any Content (including Personal Data) transmitted to and from, and while stored on, the Services. In addition, except as expressly set forth in Appendix B and where Appendix B applies, You acknowledge that you are solely responsible for taking steps to maintain appropriate security, protection and backup of Content. Red Hat makes no representation regarding the security of the Services or Your Content. In the event of unauthorized access to Content, You are responsible for complying with any applicable laws and regulations, including, for example, those that require notification of individuals whose personal data may have been compromised. If any Content could subject Red Hat to governmental regulation or special industry standards (e.g., credit card data) or may require security measures beyond those specified by Red Hat for the Services, You will not input, provide, or allow such Content unless Red Hat has otherwise first agreed in a separate written and signed document to implement additional security and other measures. You acknowledge and agree that Red Hat is not acting as a "Business Associate" as that term is defined in the Health Insurance Portability and Accountability Act ("HIPAA") found at 45 CFR §160.103.

4.4 Legal Process. Red Hat may provide information, including Content and information concerning Your Account, as required by law (such as responding to a subpoena, warrant, audit, or agency action, or to prevent fraud) or to establish or exercise its legal rights or to defend against legal claims. Red Hat shall not be liable for any use or disclosure of such information to such third parties.

5. Changes and Updates to Terms. Red Hat may modify this Agreement (including Appendix A, Appendix B, and the Acceptable Use Policy) at any time by posting a revised version at https://www.openshift.com/legal/terms/, by otherwise notifying You in accordance with Section 18 below, and/or by requiring You to accept the new revised terms. The modified terms will become effective (i) upon posting, (ii) if we notify You by email, as stated in the email message, or (iii) otherwise upon Your acceptance. By continuing to use the Services after the effective date of any modifications to this Agreement, You agree to be bound by the modified terms. It is Your responsibility to review this Agreement, the Appendices and the Acceptable Use Policy to be aware of the most recent terms. Red Hat last modified this Agreement on the date listed at the bottom of this Agreement.

6. Changes to the Services and Service Levels

6.1 Changes. Red Hat intends to periodically update, improve and/or discontinue certain functionality associated with the Services and Your user experience. As a result, the Services may be substantially modified. Red Hat reserves the right at any time to change and/or discontinue any or all of the Services (including the underlying platforms and application programming interfaces ("APIs") and/or application binary interfaces ("ABIs") which may inhibit Your ability to use existing applications. Red Hat will use reasonable efforts to provide notice of material changes to the Services on the applicable Services website.

6.2 Service Levels. The Services are generally provided through internet connectivity and third party vendors that Red Hat does not control and may be subject to delays, outages or other problems; Red Hat is not responsible for any such delays or outages. More broadly, Red Hat makes no service level-related representations, warranties, or covenants regarding Service uptime, connectivity, hosting conditions, load balancing, security, monitoring, backup, archiving, recovery, release management, change control, maintenance, availability, and the like, and will offer no Services credits for service levels You deem inadequate.

7. Fees and Payment

7.1 Fees. Certain Services may be offered at no charge ("Promotional Services"). For Services offered for a fee ("Fee"), You agree to pay Red Hat any applicable Fees to receive the Services and for all usage by You or Your Users. Certain Paid Services are sold in the form of access to Services for a defined period of time ("Subscription(s)"). Red Hat reserves the right to modify any Fees by providing You with thirty (30) days prior notice. All Fees are nonrefundable. You may be charged interest at the rate of 1.5% per month (or the highest rate permitted by law, if less) on all late payments.

7.2. Business Partners. Red Hat has entered into agreements with certain authorized third parties ("Business Partners") to promote, market and support the Services. If you purchase Services through a Business Partner, Red Hat confirms that it is responsible for providing the Software and Services to You under the terms of this Agreement. Red Hat is not responsible for (a) the actions of Business Partners, (b) any additional obligations Business Partners have to You, or (c) any products or services that Business Partners supply to You under any separate agreements between You and the Business Partner. You acknowledge and agree that Business Partners and Red Hat may share information about You, Your Users or use of the Services. If you are purchasing Services from a Business Partner the terms included in Sections 7.3 and 7.4 below do not apply.

7.3 Credit Card Processing. For any Services purchased through a Red Hat Online portal, You must first provide Red Hat with a valid and authorized credit card number and associated charge information prior to receiving Services and You (a) authorize Red Hat to charge Your credit card for any Fees, and for the amount due at the time of renewal of the Services, and (b) if needed, agree to provide updated credit card information to Red Hat for subsequent Fees due. In order to provide the Services, Red Hat may be required to share Your information, including credit card and other financial information, with third parties solely for the purpose of processing payment and/or providing the Services.

7.4 Order Form. If You are purchasing the Services from Red Hat other than through the Red Hat Online portal, the following terms will apply. Fees will be identified in an ordering document ("Order Form") and are (a) due upon Red Hat's acceptance of an Order Form or, for renewal of Services, at the start of the renewal term, and (b) payable in accordance with this section. If credit terms are provided to You, Red Hat will invoice You for the Fees upon Red Hat's acceptance of the applicable Order Form and upon acceptance of any future order. Unless otherwise specified in an Order Form and subject to Red Hat's approval of credit terms, You will pay Fees, no later than thirty (30) days from the date of each invoice. Red Hat reserves the right to suspend or cancel performance of all or part of the Services and/or change its credit terms if actual payment has not been received within thirty (30) days of the invoice date.

7.5 Taxes. All Fees are exclusive of Taxes. You will pay Red Hat an amount equal to any Taxes arising from or relating to this Agreement which are paid by or are payable by Red Hat. "Taxes" means any form of sales, use, value added or other form of taxation and any fines, penalties, surcharges or interest, but excluding any taxes based solely on the net income of Red Hat. If You are required to withhold or deduct any portion of the payments due to Red Hat, You will increase the sum payable to Red Hat by the amount necessary so that Red Hat receives an amount equal to the sum it would have received had You made no withholdings or deductions.

7.6 Future Availability. You acknowledge that Your purchase of the Services is not contingent on the future availability of any new features or functionality.

7.7 Promotions. From time to time, Red Hat may offer you certain promotional pricing or programs, including but not limited to developer previews or betas, during a specific term ("Promotional Period"). Your use of the Services during any such Promotional Period will be limited to the term of the Promotional Period and subject to the terms and conditions of this Agreement as well as any additional restrictions that Red Hat may provide in connection with the Promotional Period such as usage limitations, quotas, term limits and limited or no support.

8. Intellectual Property

8.1 Trademarks. The Red Hat and third party trademarks, logos, trade names and service marks ("Marks") displayed as part of the Services(s) are the property of Red Hat or other third parties. You are not permitted to use these Marks without the prior written consent of Red Hat or the third party trademark owner. This Agreement does not constitute such consent. Please consult with and abide by the Red Hat Trademark Guidelines and Policies at https://www.redhat.com/en/about/trademark-guidelines-and-policies, which govern any permitted use of Red Hat Marks.

8.2 Rights in Services. You agree that Red Hat and its licensors own all legal rights and interests, including intellectual property rights, in the Services. As part of the Services, You may receive access to certain Software. Your use of the Software is subject to the applicable license(s) set forth in Appendix A. Red Hat grants to You the right to access and use the Services as contemplated under this Agreement during the Services term and subject to Your compliance with this Agreement. You only acquire the right to use the Services and do not acquire any rights of ownership in the Services. You may use any documented APIs disclosed in the documentation for the Services solely for the purpose of integrating Content with the Services and for no other purpose; You may not use any such APIs to create products or services that compete with any of the Services, including the Software. You shall not (i) sublicense, sell, rent, distribute, assign or otherwise transfer the Services; (ii) reverse engineer, decompile or disassemble the Services except to the extent such conduct is permitted under applicable law notwithstanding this restriction; (iii) remove or modify any of the copyright, trademark or other proprietary notices contained in the Services; (iv) modify or create derivative works of the Services, (v) copy the Services, other than as may otherwise be permitted pursuant to an applicable Software license or (vi) use the Services to create products or services that compete with any of the Services. Red Hat reserves all rights to the Services not expressly granted herein. To the extent there is any conflict between this section and Appendix A, Appendix A will control. The licenses granted to You by Red Hat are conditioned on Your continued compliance with the terms of this Agreement, and will immediately and automatically terminate if You do not comply with any term or condition of this Agreement.

8.3 Open Source Assurance. The Services and Software are not provided with any protection or other coverage under Red Hat's Open Source Assurance Program.

9. Continuing Business. Nothing in this Agreement will preclude or limit Red Hat from providing software, materials or services for itself or other clients, irrespective of the possible similarity of such software, materials or services to those that might be delivered to You.

10. Linking. The Services may contain links to external sources, websites or content that are not owned, created or managed by Red Hat. Red Hat does not have control over such sites or content and has not reviewed them. The inclusion of any link to a website does not imply endorsement by Red Hat of the website or their sponsoring entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to Your use of (or reliance on) the external site or content.

11. Limited Liability and Disclaimer of Damages. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS AGREEMENT, IN NO EVENT WILL RED HAT, ITS AFFILIATES, OR THEIR LICENSORS OR VENDORS BE LIABLE TO YOU OR YOUR AFFILIATES FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES (INCLUDING DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, OR DATA), EVEN IF SUCH ENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. FURTHER, NEITHER RED HAT, ITS AFFILIATES NOR THEIR LICENSORS OR VENDORS WILL BE RESPONSIBLE FOR ANY COMPENSATION, REIMBURSEMENT, OR DAMAGES ARISING OUT OF OR IN CONNECTION WITH: (A) YOUR INABILITY TO USE THE SERVICES, INCLUDING AS A RESULT OF (I) ANY TERMINATION OR SUSPENSION OF THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS, (II) OUR DISCONTINUATION OF ANY OR ALL OF THE SERVICE OFFERINGS OR (III) ANY UNANTICIPATED OR UNSCHEDULED DOWNTIME OF ALL OR A PORTION OF THE SERVICES FOR ANY REASON, INCLUDING AS A RESULT OF POWER OUTAGES, SYSTEM FAILURES OR OTHER INTERRUPTIONS; (B) THE COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; (C) ANY INVESTMENTS, EXPENDITURES, OR COMMITMENTS BY YOU IN CONNECTION WITH THIS AGREEMENT OR YOUR USE OF OR ACCESS TO THE SERVICE OFFERINGS; OR (D) ANY UNAUTHORIZED ACCESS TO, ALTERATION OF, OR THE DELETION, DESTRUCTION, DAMAGE, LOSS OR FAILURE TO STORE ANY OF YOUR CONTENT OR OTHER DATA.

FOR ALL EVENTS AND CIRCUMSTANCES, RED HAT, ITS AFFILIATES' AND THEIR LICENSORS' AND VENDORS' AGGREGATE AND CUMULATIVE LIABILITY ARISING OUT OF OR RELATING TO THIS AGREEMENT, INCLUDING WITHOUT LIMITATION ON ACCOUNT OF PERFORMANCE OR NON-PERFORMANCE OF OBLIGATIONS, REGARDLESS OF THE FORM OF THE CAUSE OF ACTION, WHETHER IN CONTRACT, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE), STATUTE OR OTHERWISE WILL BE LIMITED TO DIRECT DAMAGES AND WILL NOT EXCEED THE AMOUNTS RECEIVED BY RED HAT DURING TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE FIRST EVENT GIVING RISE TO LIABILITY, WITH RESPECT TO THE PARTICULAR ITEMS (WHETHER SOFTWARE, SERVICES OR OTHERWISE) GIVING RISE TO LIABILITY.

LIABILITY FOR THESE DAMAGES DESCRIBED IN THIS SECTION 11 WILL BE LIMITED OR EXCLUDED (AS THE CASE MAY BE) EVEN IF ANY EXCLUSIVE REMEDY PROVIDED FOR IN THIS AGREEMENT FAILS ITS ESSENTIAL PURPOSE. TO THE EXTENT THAT LIABILITY FOR CERTAIN DAMAGES MAY NOT BE LAWFULLY EXCLUDED OR LIMITED AS PROVIDED ABOVE, THE TERMS OF THIS SECTION 11 WILL BE ENFORCED TO THE EXTENT PERMITTED BY APPLICABLE LAW.

12. No Warranties. You understand and agree that the Software and Services may contain bugs, errors and/or inadequacies. FOR ALL CIRCUMSTANCES AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE SERVICES AND SOFTWARE OF RED HAT, ITS AFFILIATES AND THEIR LICENSORS AND VENDORS AND ANY THIRD PARTY SERVICES ARE PROVIDED "AS IS", "AS AVAILABLE" AND WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE. NEITHER RED HAT NOR ITS AFFILIATES, LICENSORS OR VENDORS MAKES ANY GUARANTEE OR WARRANTY THAT THE USE OF SOFTWARE, SERVICES AND/OR ANY THIRD PARTY SERVICES WILL BE SECURE, UNINTERRUPTED, COMPLY WITH REGULATORY REQUIREMENTS, BE ERROR FREE OR THAT RED HAT WILL CORRECT ALL SOFTWARE AND/OR SERVICE ERRORS. Without limiting the generality of the foregoing disclaimer, the Services are not specifically designed, manufactured or intended for use in (a) the planning, construction, maintenance, control, or direct operation of nuclear facilities, (b) aircraft navigation, control or communication systems, weapons systems, or (c) direct life support systems. You agree that You are solely responsible for the results obtained from the use of the Services.

13. Indemnification. You agree to indemnify and hold harmless Red Hat, its affiliates and their licensors and vendors, and each of their respective employees, officers, directors, and representatives from and against any claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees and associated litigation expenses) arising out of or relating to: (a) Your use and/or Your Users' use of the Services and Software; (b) Your breach of this Agreement or the Acceptable Use Policy, or violation of applicable law by You and/or Your Users; (c) Content or the combination of Content with other applications, content or processes, (d) any claim or allegation that Content infringes or misappropriates the intellectual property or any other rights of any third party; (e) Red Hat's response to any third party subpoena, warrant, audit, agency action or other legal order or process concerning Content, Your Account and/or use by You and/or Your Users of the Services and Software or (f) any dispute between You and a Third Party Service or You and Your User. Red Hat will provide You with written notice of any claim, suit or action, but its failure to do so does not relieve Your of Your obligations under this section.

14. Export Control. Red Hat may supply You with software, services and/or technical data that are subject to export control restrictions under the laws of the United States or other countries (the "Export Control Laws"). You agree to comply with all applicable Export Control Laws in connection with Your use of the Services, Your Content and Your Users and agree not to use the Services or Software if You or Your Users are barred from receiving them under any of the Export Control Laws (for example, if You or they are located in a jurisdiction that is subject to United States sanctions regulations, which currently includes Cuba, Iran, North Korea, Sudan and Syria and which are subject to change as posted by the United States government). Red Hat will not be responsible for Your compliance with the Export Control Laws. If (a) You breach this section, the export control provisions of a Software license agreement or any provision referencing these sections or (b) it would be a violation of any of the Export Control Laws for Red Hat to provide You with access to any of the Services, Red Hat may terminate this Agreement immediately without liability to You. You agree that You will not use the Services in connection with any nuclear, chemical or biological weapons or missile technology, unless authorized by the relevant government agency by regulation or specific license.

15. Confidentiality

15.1 Obligations. Both parties agree that (i) Confidential Information will be used only in accordance with the terms and conditions of this Agreement; (ii) each will use the same degree of care it utilizes to protect its own confidential information, but in no event less than reasonable care; and (iii) the Confidential Information may be disclosed only to employees, agents and contractors with a need to know, and to its auditors and legal counsel, in each case, who are under a written obligation to keep such information confidential using standards of confidentiality not less restrictive than those required by this Agreement. Both parties agree that obligations of confidentiality will exist for a period of two (2) years following initial disclosure of the particular Confidential Information. "Confidential Information" means all information disclosed by either Red Hat or You ("Disclosing Party") to the other party ("Recipient") during the term of this Agreement that is either (i) marked confidential or (ii) disclosed orally and described as confidential at the time of disclosure and subsequently set forth in writing, marked confidential, and sent to the Recipient within thirty (30) days following the oral disclosure.

15.2 Exclusions. Confidential Information will not include information which: (i) is or later becomes publicly available without breach of this Agreement, or is disclosed by the Disclosing Party without obligation of confidentiality; (ii) is known to the Recipient at the time of disclosure by the Disclosing Party; (iii) is independently developed by the Recipient without use of the Confidential Information; (iv) becomes lawfully known or available to the Recipient without restriction from a source having the lawful right to disclose the information; (v) is generally known or easily ascertainable by parties of ordinary skill in the business of the Recipient; or (vi) is software code in either object code or source code form that is licensed under an open source license. The Recipient will not be prohibited from complying with disclosure mandated by applicable law if, where reasonably practicable and without breaching any legal or regulatory requirement, it gives the Disclosing Party advance notice of the disclosure requirement.

16. Term and Termination

16.1 Agreement Term. The Agreement will commence on the Effective Date and continue in effect until terminated as set forth below.

16.2 Renewal of Services. The Services shall continue to renew for additional terms for so long as You are current in Your payment of all applicable Fees and not in breach of this Agreement, unless you provide notice of non-renewal at least two (2) business days prior to the end of the then current term. Subscriptions will renew at the same price for the applicable Subscription term. If You terminate the Services You are responsible for: (1) removing any Content from Your Account and (2) following any additional steps provided to You in connection with the termination. You will continue to incur Fees until you successfully complete the actions described above.

16.3 Termination of the Services. You may stop using the Services or may terminate Your Account at any time, subject to the terms below. Red Hat may discontinue Promotional Services at any time upon notice to You. All Fees are non-refundable even if You terminate the Services prior to the end of the month and you will be responsible for any Fees incurred prior to termination. Red Hat may, at its discretion terminate Your Account and remove Your Content if Your Account has been inactive for more than fifteen (15) days.

16.4 Termination of the Agreement. Red Hat may terminate the Agreement in its sole discretion on thirty (30) days prior notice; provided that if You have pre-paid for Services beyond such thirty (30) day period, Red Hat may provide You either, at its sole discretion, a pro rata refund of pre-paid Fees or the ability to continue to use the Services for such pre-paid period. Either Party may terminate the Agreement for material breach by the other Party of this Agreement if the breach is not remedied within twenty (20) days of receiving notice of such breach. Without limiting other rights that Red Hat may have, Red Hat may suspend or terminate Your Services, and Your Account or disable Your or Your User's Content immediately if Red Hat reasonably believes You have breached this Agreement, the Acceptable Use Policy or applicable law.

16.5 Effect of Termination. Upon termination of the Agreement, You will be required to pay any outstanding Fees that are due, all rights under this Agreement will cease and You may no longer use the Services. Following termination of Your Account, You will no longer have access to the Services, or any Content stored in connection with the Services. You are responsible for ensuring that You have additional copies of any Content. The following sections of this Agreement will survive such termination or expiration: Sections 2.5, 3.4, 4.4, 8 and 11-21 and any post-termination requirements set forth in Appendix A.

17. Governing Law/Consent to Jurisdiction. The validity, interpretation and enforcement of this Agreement will be governed by and construed in accordance with the laws of the United States and of the State of New York without giving effect to the conflicts of laws provisions thereof or the United Nations Convention on Contracts for the International Sale of Goods. All disputes arising out of or relating to this Agreement will be submitted to the exclusive jurisdiction of the state or federal courts of competent jurisdiction located in Raleigh, North Carolina, and each party irrevocably consents to such personal jurisdiction and waives all objections to this venue. In the event the Uniform Computer Information Transactions Act (UCITA) or any similar federal or state laws or regulations are enacted, it will not apply to this Agreement, and the governing law will remain as if such law or regulation had not been enacted.

18. Notices. Red Hat may provide a notice to You under this Agreement by: (i) posting the notice on the Services website; or (ii) sending a message to the email address associated with Your Account. Notices provided by posting on the Services website will be effective upon posting and notices provided by email will be effective when Red Hat sends the email. It is Your responsibility to keep Your email address current and to update Your profile with Red Hat if it changes. You will be deemed to have received any email sent to the email address associated with Your Account following transmission by Red Hat, whether or not You actually receive the email. To give notice to Red Hat under this Agreement, You must contact Red Hat either by (1) overnight courier to Red Hat, Inc., Attention: General Counsel, 100 East Davie Street, Raleigh, North Carolina 27601 or (2) email to: legal-notices@redhat.com. Red Hat may update its contact information by posting a notice on the Red Hat website. Notices provided by overnight courier or facsimile transmission will be effective one business day after they are sent. Notices must be in English.

19. Publicity and Benchmarking. You may not misrepresent Your relationship with Red Hat nor suggest or publish that Red Hat or any of its affiliates or licensors endorses, sponsors, contributes to or provides support for Content. You may not publish the results of any benchmarking studies that You conduct in connection with the Services or publish any press releases regarding Your use of the Services unless You obtain Red Hat's prior written approval.

20. Miscellaneous. This Agreement is binding on the parties to this Agreement, and nothing in this Agreement grants any other person or entity any right, benefit or remedy of any nature whatsoever. Nothing in this Agreement will be construed to create an employment or agency relationship between You and Red Hat (or any Red Hat personnel). All headings contained in this Agreement are inserted for identification and convenience and will not be deemed part of this Agreement for purposes of interpretation. If any provision of this Agreement is held invalid or unenforceable for any reason but would be valid and enforceable if appropriately modified, then such provision will apply with the modification necessary to make it valid and enforceable. If such provision cannot be so modified, the parties agree that such invalidity will not affect the validity of the remaining provisions of this Agreement. The delay or failure of either party to exercise any rights under this Agreement will not constitute or be deemed a waiver or forfeiture of such rights. No waiver will be valid unless in writing and signed by an authorized representative of the party against whom such waiver is sought to be enforced. This Agreement, including any policy referenced herein, represents the final, complete and exclusive statement of the agreement between the parties with respect to its subject matter, notwithstanding any prior written agreements or prior and contemporaneous oral agreements with respect to the subject matter of this Agreement. Neither party may assign this Agreement without the prior written consent of the other party; provided, however, that Red Hat may assign this Agreement without such consent to an affiliate or to any third party in connection with the sale of all or substantially all of its business or assets to which this Agreement relates. Red Hat and its affiliates will not be liable for any delay or failure to provide Services where the delay or failure results from any cause beyond its reasonable control, including acts of God, labor disputes or other industrial disturbances, systemic electrical, telecommunications, or other utility failures, earthquake, storms or other elements of nature, blockages, embargoes, riots, acts or orders of government, acts of terrorism, or war.

21. Waiver of Jury Trial. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, EACH PARTY WAIVES THE RIGHT TO TRIAL BY JURY IN ANY LEGAL PROCEEDING ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE TRANSACTIONS CONTEMPLATED UNDER THIS AGREEMENT.

APPENDIX A

RED HAT ONLINE SERVICES

1. Purpose. This Appendix A is attached to and is incorporated into the Agreement. When a capitalized term is used in this Appendix without a definition, the term has the meaning defined in the Agreement. "Services" are (1) the OpenShift Online services; (2) the Red Hat OpenShift.io services, (3) Quay.io, (4) Red Hat 3scale.net Online and (5) the Add On Services, each as described below.

2. Domain Names. In order to utilize some of the Services, You may be required to create a unique domain name. Your choice of name must be in conformance with the Acceptable Use Policy. Red Hat may, in its sole discretion, reject any domain name request submitted by You at any time, including after public use. Red Hat reserves the right to deactivate any domain name and require that You use a different domain name if Red Hat receives a notice by a third party that the domain name misappropriates or infringes a third party's rights or if the domain name violates the terms of this Agreement, the Acceptable Use Policy or applicable law.

3. Technical Support. The Services are provided for Your use and evaluation without any technical support and may include beta or developer preview services. You may be able to submit questions or report bugs, but You should have no expectation that questions will be answered or that problems will be resolved.

For some Services Red Hat may offer certain technical support to You for an additional fee ("Technical Support"). You are responsible for providing all technical support to Your Users, unless Your User has a separate agreement with Red Hat under which Red Hat has agreed to provide technical support to them for this Service.

4. Fees. Certain Services may be offered as a Promotional Services at no cost, subject to certain usage thresholds and restrictions as set forth at https://www.openshift.com/legal/acceptable-use/. If You require Services in excess of the thresholds or if you want to receive technical support you must purchase the Services and pay the associated Fees. For details on the various Service offerings please refer to the following for OpenShift at https://www.openshift.com/products/pricing/ or https://access.redhat.com/support/offerings/openshift/sla; for Red Hat 3Scale.net Online at https://www.3scale.net/pricing and for Quay.io at https://quay.io/plans/.

Add ons. You may also be offered certain Add-On Services which require an underlying Red Hat Online Subscription Service. Add ons may also be subject to their own limitations.

5. Capacity. Your use of the Services (including Add-On Services) will be limited to a certain amount of Units (including memory, storage, bandwidth, etc.) as set forth at the websites for the applicable Online Service listed in Section 4. The "Unit" is the measurement of usage upon which Fees are paid or capacity is limited. Red Hat may in its sole discretion increase or decrease the levels of the Services from time to time upon thirty (30) days prior notice to You.

6. License. You may receive certain Software to facilitate uploading and managing Content. The licensing terms applicable to the Software are located in or provided with the Software You receive and you agree to such terms.

7. 3scale.net Specific Terms. The following terms apply specifically with respect to 3scale.net.

Usage Conditions. API Calls generated in both production and non-production environments will count towards the number of API Calls. It is your responsibility to purchase Subscriptions in an amount that can reasonably accommodate traffic spikes consistent with the level of Subscriptions you have purchased. Without limiting the foregoing obligation, Red Hat reserves the right to suspend the Red Hat Online Services without notice if your API Call volumes exceed four times (4x) the per second limit. "Per second limit" means two times the maximum number of API Calls allowable per day in your contracted Subscription tier divided by the number of seconds in a day rounded up to the nearest whole number. For example, if your maximum API Calls per day is Three Million (3,000,000), the per second limit would be equal to Seventy (70). Red Hat reserves the right to suspend the Red Hat Online Subscriptions if your API call volumes exceed the maximum limits of Fifty Million (50,000,000) per day, Thirty Thousand (30,000) per minute or One Thousand (1,000) per second, unless otherwise agreed by the parties in writing. There is no limit on the number of environments and locations where you maybe deploy API management agents.

Utilization Policy. Red Hat evaluates quota compliance on a monthly basis. If your actual API calls exceed the Daily Limit for two or more days per month, you will either (a) reduce traffic consumption to return to compliance with the number of Units you purchased; or (b) purchase additional Subscription Services. Red Hat also reserves the right to evaluate your API Call volume on a per second limit basis (defined above) in a two week period ("Throughput"). For purposes of calculating Throughput, Red Hat will remove the top 5% peaks of your API Calls during that period. In other words, Throughput can exceed the amount of API Calls you have purchased 5% of the time in each of the 2 weeks. If your Throughput exceeds the rate you purchased more than 5% of the time during the month, you will either (a) reduce traffic consumption to return to compliance with the number of Units you purchased or (b) purchase additional Subscriptions.

Data Retention Policy. During your use of 3scale.net Services, Red Hat may calculate and optionally store statistics and/or logs of the your traffic that you report using the provided 3scale APIs. Red Hat may limit the period of storage of this statistical data depending on your contract type and makes no commitment with respect to free accounts and may remove stored statistical data at any time with no warning.

8. Red Hat OpenShift.io Add On. Your use of the Red Hat OpenShift.io Services will be limited by certain technical and bandwidth limitations and Red Hat reserves the right to restrict Your use if it exceeds the limitations. Usage of the Red Hat OpenShift.io Services is currently only available in a publicly available mode so you should be aware that usage of the Services by You may be monitored or viewed by the general public, including your user name and other identifying information. If you do not agree to that, do not use the service. If you are connecting to a third party code repository you are responsible for any authentication with that repository and for complying with any terms required by that service.

APPENDIX B

DATA PROCESSING ADDENDUM

This Data Processing Addendum ("Addendum") is by and between Red Hat Inc. ("Red Hat") and Customer (defined below) and shall apply when Red Hat processes Personal Data disclosed to it by Customer as part of Your Content under the Red Hat Online Services Agreement (the "Agreement"). This Addendum is effective as of the Effective Date of the Agreement. This Addendum applies where and only to the extent that Red Hat is a Processor of Personal Data in the course of providing products or services under the Agreement. This Addendum is intended to demonstrate the parties' compliance with EEA Data Protection Law and with any other data protection laws identified at https://www.redhat.com/en/about/agreements/dpl (together "Data Protection Laws").

1. Any capitalized terms not defined herein shall have the meanings given in the Agreement. For purposes of this Addendum, words and phrases in this Addendum shall, to the greatest extent possible, have the meanings given to them in the applicable Data Protection Laws. In particular:

(a) "Controller" has the meaning given to it in the applicable Data Protection Laws.

(b) "Customer" means the customer entity that has executed the Agreement or "You" as such term is defined in the Agreement.

(c) "Data Subject" has the meaning given to it in the applicable Data Protection Laws.

(d) "EEA Data Protection Law" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation" or "GDPR"), and laws implemented by EEA members and Switzerland which contain derogations from, or exemptions or authorizations for the purposes of, the GDPR, or which are otherwise intended to supplement the GDPR or convert the GDPR into domestic law.

(e) "Personal Data" has the meaning given to it in the applicable Data Protection Laws.

(f) "Processing" has the meaning given to it in the applicable Data Protection Laws.

(g) "Processor" has the meaning given to it in the applicable Data Protection Laws.

(h) "Standard Contractual Clauses" means the standard contractual clauses annex to the EU Commission Decision 2010/87/EU of 5 February 2010 (C(2010)593) for the transfer of Personal Data to Processors established in third countries as updated or replaced by the European Commission from time to time.

(i) "Subprocessor" means any natural or legal person, public authority, agency or other body which processes personal data on behalf of a Processor (including any affiliate of the Processor).

2. Processor shall undertake to implement appropriate technical and organizational measures in such a manner that its Processing of Personal Data will meet the requirements of applicable Data Protection Laws and ensure the protection of the rights of the Data Subjects. The context for the Processing of the Controller's Personal Data by the Processor is the performance of the Processor's obligations under the Agreement, and Processor will Process such Personal Data until the expiration or termination of the Agreement unless otherwise instructed in writing by Controller. The types of Personal Data Processor will Process are described in Exhibit 1.

3. Controller agrees that Processor may use Subprocessors to fulfil its contractual obligations to Controller under the Agreement or to provide certain Services on behalf of Processor, such as providing support services. Controller consents to Processor's use of Subprocessors for such purposes. Processor will, following Controller's written request, provide to Controller a list of the names of new Subprocessors, and provide Controller the opportunity to object to any new Subprocessor, but only as and to the extent required by applicable Data Protection Laws. Controller agrees to treat such list of Subprocessors as Processor's Confidential Information under the terms of the Agreement. Subprocessors are required to abide by the same level of data protection and security as Processor under this Addendum as applicable to their Processing of Personal Data. Processor will restrict the Subprocessors' access to, and Processing of, Personal Data only to what is necessary to provide products or services to Controller in accordance with the Agreement. If Controller objects to Processor's use of any new Subprocessor by giving written notice to Processor within thirty (30) days of being informed by Processor of the appointment of such new Subprocessor and Processor fails to provide a commercially reasonable alternative to avoid the Processing of Personal Data by such Subprocessor within thirty (30) days of Processor's receipt of Controller's objection, Controller may, as its sole and exclusive remedy, terminate any Processor Services that cannot be provided by Processor without the use of the objected to new Subprocessor.

4. In accordance with Data Protection Laws:

(a) Processor shall only Process the Personal Data (i) as needed to provide the products or services to Controller in accordance with the Agreement, (ii) in accordance with the specific instructions that it has received from Controller, including with regard to any transfers, and (iii) as needed to comply with laws that Processor is subject to, and in such case, Processor will inform Controller of that legal requirement before Processing unless the law prohibits such information on important grounds of public interest;

(b) Processor shall ensure that persons authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(c) Processor shall implement the measures set forth in Exhibit 2 to ensure a level of security appropriate to the risks that are presented by Processor's Processing of Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons;

(d) Taking into account the nature of the Processing, Processor shall assist Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Controller's obligation to respond to requests for exercising Data Subjects' rights;

(e) Taking into account the nature of Processing and the information available to Processor, Processor shall assist Controller with Controller's compliance with its obligations regarding personal data breaches, data protection impact assessments, security of processing, and prior consultation, each as and to the extent required by applicable Data Protection Laws;

(f) Upon Controller's written request, Processor shall delete or return all of the Personal Data to Controller after the end of the provision of products or services relating to Processing, and delete existing copies, unless otherwise required by applicable laws. In such cases, Processor will ensure that Controller Personal Data is only Processed as necessary to comply with applicable laws;

(g) Upon Controller's written request, Processor shall provide Controller with a confidential summary report of its external auditors to verify the adequacy of its security measures and other information necessary to demonstrate Processor's compliance with this Addendum and, to the extent required by Data Protection Laws (and no more than once per year unless otherwise required by Data Protection Laws) allow for, and contribute to, audits, including inspections, conducted by Controller or another auditor mandated by Controller. Controller agrees to treat such summary report and other information described in this subsection as Processor's Confidential Information under the terms of the Agreement; and

(h) Processor shall promptly inform Controller if, in Processor's opinion, an instruction by Controller infringes Data Protection Laws.

5. In the case of a transfer of Personal Data to a country not providing an adequate level of protection pursuant to the applicable Data Protection Laws ("Non-Adequate Country"), the parties shall cooperate to ensure compliance with the applicable Data Protection Laws as set out in the following sections. If Customer believes the measures set out below are not sufficient to satisfy the applicable legal requirements, Customer shall notify Red Hat and the parties shall work together to find an alternative.

(a) The Controller agrees and will ensure that it is entitled to transfer Personal Data to Processor so that Processor may lawfully Process the Personal Data in accordance with the Agreement and this Addendum. Processor agrees that it will comply with applicable laws regarding transfers of Personal Data from the Controller to Processor.

(1) For such transfers of Personal Data from the EEA to the U.S., Processor affirms it (or its U.S. affiliate) has successfully certified its adherence to the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the U.S. Department of Commerce and detailed at https://www.privacyshield.gov ("Privacy Shield"), as of the Effective Date of this Addendum. Processor agrees to promptly notify Customer if Processor becomes aware that its or its U.S. affiliate's Privacy Shield certification no longer remains active and in effect or such certification is insufficient to cover the Processing of Personal Data contemplated herein, or if it or its U.S. affiliate no longer complies with the Privacy Shield with respect to the Personal Data.

(2) In the event that (i) the Privacy Shield is invalidated, (ii) Processor's Privacy Shield certification is no longer in effect, (iii) Processor's Privacy Shield certification is not valid to cover its Processing of Personal Data described herein, or (iv) Processor no longer complies with the Privacy Shield, the Parties agree that by signing this Addendum, Customer is entering into the Standard Contractual Clauses with Red Hat and with each Subprocessor that is a Red Hat affiliate located in a Non-Adequate Country ("Red Hat Subprocessors"). Such Standard Contractual Clauses will enter into effect as of the earliest of the date that (v) the Privacy Shield is invalidated, (vi) Processor's Privacy Shield certification is no longer in effect, (vii) Processor's Privacy Shield certification is not valid to cover its Processing of Personal Data described herein, or (viii) Processor no longer complies with the Privacy Shield. For purposes of the Standard Contractual Clauses, Controller will be referred to as the "Data Exporter" and Processor and Red Hat Subprocessors will be referred to as the "Data Importer" and Exhibits 1 and 2 of this Addendum shall be incorporated into the Standard Contractual Clauses. If Customer is acting as a Processor on behalf of other Controllers of all or part of the Personal Data, then Customer is entering into the Standard Contractual Clauses (y) as back-to back Standard Contractual Clauses in accordance with Clause 11 of the Standard Contractual Clauses ("Back-to-Back SCC"), provided that Customer has entered into separate Standard Contractual Clauses with the Controllers, or (z) on behalf of the other Controllers. Customer agrees in advance that any new Red Hat Subprocessor engaged by Red Hat in accordance with Section 3 shall become an additional Data Importer under the Standard Contractual Clauses and/or Back-to-Back SCC.

(b) Processor (and any of its Subprocessors) shall only transfer Personal Data from the EEA or Personal Data that are otherwise subject to EEA Data Protection Law to a country outside the EEA where (a) the transfer (and any onward transfer) is pursuant to a written contract including substantially equivalent obligations on the receiving entity regarding Controller's Personal Data as those that apply to Processor under this Addendum, and (b) the entity receiving the Personal Data is located in a territory which is subject to a current finding by the European Commission that it provides adequate protection for Personal Data (such as the U.S.-EU Privacy Shield for EEA to U.S. transfers), or as Standard Contractual Clauses are entered into in accordance with Section 5(a) above, the Processor is entering into Back-to-Back SCC in accordance with Clause 11 of the Standard Contractual Clauses with the receiving entity or have some alternative mechanism for data transfers in place that has been approved by relevant authorities pursuant to applicable Data Protection Laws.

(c) In case of conflict between the Standard Contractual Clauses and this Addendum, the Standard Contractual Clauses will prevail and the Standard Contractual Clauses or the Back-to-Back Standard Contractual Clauses, including any claims arising from them, are subject to the terms set forth in the Agreement, including the exclusions and limitations of liability.

6. Processor will promptly investigate all allegations of unauthorized access to, or use or disclosure of the Personal Data. If Processor reasonably believes there has been a personal data breach, Processor will notify Controller without undue delay, and provide sufficient information to allow Controller to report the personal data breach or notify Data Subjects as required by applicable Data Protection Laws.

7. Processor shall maintain all records required by applicable Data Protection Laws, and (to the extent they are applicable to Processor's activities for Controller) Processor shall make them available to Controller upon its written request.

8. In the event any provision of the Agreement shall conflict with a provision of this Addendum, the provision of this Addendum shall take precedence and govern.

EXHIBIT 1 TO APPENDIX B, DATA PROCESSING ADDENDUM

Data Exporter

The data exporter is the Customer.

Data Importer

The data importer is Processor or Subprocessor, as applicable.

Categories of Data Subjects

Data exporter may submit Personal Data to Processor the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:

  • Employees or contractors of data exporter
  • Data exporter's users authorized by data exporter to use the Services or Online Services
  • Employees or contact persons of data exporter's customers, business partners and vendors

Categories of Personal Data

Data exporter may submit Personal Data to Processor the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data:

  • First and last name
  • Employment information (such as title, position, employer)
  • Contact information (such as email, phone, physical address)
  • IP address, online identifier or other ID data

Special categories of Personal Data

The Personal Data transferred concern the following categories of Personal Data: None

Processing operations

The transfer and Processing of Personal Data is made for the following purposes: To provide the Services and support as set forth in the Agreement to Controller from Processor locations and personnel located within and outside of the United States and EEA.

Duration of Processing 

The Processing of Personal Data will occur for the duration set forth in the Agreement.

EXHIBIT 2 TO APPENDIX B, DATA PROCESSING ADDENDUM

Security Measures

The provisions of this Exhibit 2 apply to Processor.

In connection with its provision of products or services under the Agreement, Processor agrees that it shall take all reasonably necessary steps and security precautions in accordance with commercially reasonable industry standards to minimize the risk of unauthorized access to, or compromise of, Personal Data. 

Processor will maintain and keep updated administrative, physical, and technical safeguards and procedures designed to protect the security, confidentiality and integrity of Personal Data while under Processor's possession, custody or control that cover the areas below.

  • Information Security Procedures. Maintain, update and monitor procedures designed to protect Processor's information systems from loss, damage, unauthorized disclosure or disruption of business, which includes the physical and logical protection of information systems including Personal Data that is processed or transmitted.

  • Organization of Information Security. Maintain an information security organization to coordinate the implementation of security for Processor.

  • Asset Management. Maintain procedures to identify, control and maintain the security of Processor assets and Personal Data.

  • Human Resources Security. Maintain procedures that determine whether Processor personnel and third parties engaged by Processor are suitable for their roles, and provide appropriate training and information so that Processor users and such third parties understand their information security responsibilities in relation to Personal Data.

  • Physical and Environmental Security. Provide measures which protect Processor information systems and the Personal Data contained thereon with an appropriate level of physical security and suitable environmental controls for information and information systems, as well as the supporting infrastructure).

  • Access Control. Procedures which restrict access to information systems, including providing user identification and access controls.

  • Information Security Incident Management. Maintain procedures which provide an incident response plan and program designed to allow for investigation, response and corrective actions of any security incident. Procedures shall include a means to notify Data Exporter promptly if any security incident is determined to have caused a Personal Data Breach.

  • Continued review. Continue review of Processor's information security safeguards and controls and implement additional or different measures when deemed appropriate. Processor reserves the right in its sole discretion to modify and update its IT and security controls so long as such modification or updates do not materially reduce the level of security to the Personal Data.