END USER LICENCE AGREEMENT (EULA) WHITE HAT Subscription General Terms & Conditions for WHITE HAT MANAGED SECURITY SERVICES Last Updated: July 19, 2022 Version 2.4 The following White Hat managed security services (White Hat MSS) Subscription General Terms and Conditions Agreement is between the entity you represent, or, if you do not designate an entity in connection with this Subscription, you individually (“Customer”, “you”, “your”) and White Hat IT Security Kft. (“White Hat”, “we,” “us”, or “our”) as the provider. It consists of the terms and conditions defined in the End User Service Agreement between Parties (EUSA), the terms and conditions below, and the SLAs for your Subscription as well as any third-party terms (together the “Agreement”). It is effective on the date you accept it (acceptance defined as signing the EUSA) or on which your Subscription is renewed, as applicable. The key definitions are as follows: 1. DEFINITIONS "Customer Data" means data collected from sensors enabled by installed Software on your device or devices as part of your Subscription. "End User" means any person you permit to access reports, information and data provided by and as a result of the White Hat Services or otherwise use the White Hat Services. “MDE” means the Microsoft Defender for Endpoint services or equal prevailing Microsoft services. “Portal” means the White Hat Services’ respective web sites that can be found at https://whitehat.eu, or at an alternative website we identify. "Product" means any of the White Hat Service components (including any Software). "Schedule" means the executed basic Subscription conditions that records the duration, class and applicable fees payable related to your Subscription. “SLA” means the commitments we make regarding delivery and/or performance of a White Hat Service, as made available to Customer during the contracting period. "Software" means Microsoft or any other third-party software we provide for installation on your device or devices as part of your Subscription or to use with the White Hat Service to enable certain functionality. "Subscription" means an enrolment for the White Hat Services for a defined Term as specified in the End User Service Agreement between Parties. You may sign up for or purchase multiple Subscriptions, which may be administered separately, and which will be governed by the terms of a separate White Hat Managed Security Services Agreement. "Term" means the duration of a Subscription (e.g., 365 days). "White Hat Service" means any of the White Hat managed security services to which you subscribe under this Agreement. 2. GRANT OF RIGHTS TO USE WHITE HAT SERVICES 2.1. Right to use We grant you the right to access, access data relating to and use the White Hat Services and to install and use the Software included with your Subscription, as further described in this Agreement. Your right to use the White Hat Services and Software is non-exclusive, non-perpetual, and non-transferable. Any references in this Agreement to running licensed Software on a perpetual basis do not apply. We reserve all other rights. 2.2. Acceptable use. You may use the White Hat Services and Software only in accordance with this agreement. If you are a developer, you may use one instance of the Product to work with and test integration with your service or solution, on up to ten (10) devices. You may not reverse engineer, decompile, disassemble, or work around technical limitations in the Product, except to the extent applicable law permits it despite these limitations. You may not disable, tamper with, or otherwise attempt to circumvent any billing mechanism that meters your use of the White Hat Services. You may not rent, lease, lend, resell, transfer, or host the Product, or any portion thereof, to or for third parties except as expressly permitted in this Agreement. You may not access or use the White Hat Services in any way that could harm the White Hat Services or impair anyone else’s use of the White Hat Services or try to gain unauthorized access to the White Hat Services, related data, account or network by any means. 2.3. Access to Customer Data You hereby grant us limited access rights, secure and maintain all other rights to Customer Data necessary for us to provide the White Hat Services to you without violating the rights of any third party and such rights may only be granted as long as they are needed to enable and necessary for us to provide the White Hat Services you subscribe to under this Agreement. 3. YOUR ACCOUNT 3.1. Account setup You may launch, access and use the White Hat Services only if you: (a) accept the End User Service Agreement (EUSA) and inherently the terms and conditions of this agreement; (b) have created an online services subscription to MDE according to Microsoft’s instructions; and (c) have completed the instructions we provide to setup our access to your MDE tenant. You are responsible for maintaining the confidentiality of the non-public authentication credentials associated with your use of the White Hat Services. You must keep your accounts and passwords confidential. You must promptly notify our customer support team about any possible misuse of your accounts or authentication credentials, or any security incident related to the White Hat Services. 3.2. End users You control access by End Users, and you are responsible for their use of the White Hat Services or Software in accordance with this agreement. For example, you will ensure End Users comply with the Acceptable Use Policy. 4. SERVICE LEVELS; SECURITY 4.1. Service levels All service levels and groups of services relating to this Agreement are outlined in the SLA attached/linked hereto or made available simultaneously. 4.2. Security We may apply security technologies and procedures to help protect against unauthorized access or use of the White Hat Services. We do not guarantee the success of such technologies and procedures. You are solely responsible for the security, protection and backup of your data related to using the White Hat Services, and any other data, software or services you use in connection with the White Hat Services. You are responsible for maintaining the confidentiality of any non-public authentication credentials associated with your use of the White Hat Services. You must keep your accounts and passwords confidential. You must promptly notify our customer support team about any possible misuse of your accounts or authentication credentials, or any security incident related to the White Hat Services. 5. NOTICES 5.1. Notices to You We may provide you with information, updates about the White Hat Services in electronic form. It may be via email to the address you provide when you sign up for the White Hat Services, or through a channel that we designate for such a purpose. Notice via e-mail is given as of the transmission date. Notices provided via posting on a portal or community development centre web site will be deemed given on the date they are posted. As long as you use the White Hat Services, you have the software and hardware needed to receive these notices. In addition, various service communications may be sent via email to account administrators you designate and may update via the Portal or via primary and secondary channels of communication defined in the EUSA. 5.2. Notices to White Hat You will provide notices to us in the manner set forth in the EUSA or any services Schedules or the Portal, as applicable. 6. WARRANTIES 6.1. Limited warranty White Hat warrants to Customer that it will perform its obligations to the best of its abilities and in a workmanlike manner. The remedies, if any, in our SLA, applicable to a particular portion of the White Hat Services are Customer’s sole and exclusive remedies with respect to such portion of the White Hat Security Services related to the failure to meet any standards set forth in the SLA. White Hat does not warrant that the White Hat Services will detect and prevent all possible threats and vulnerabilities or that such services will render Customer’s network and systems invulnerable to security breaches or vulnerabilities. 6.2. Limited warranty exclusions This limited warranty is subject to the following limitations: (a) any implied warranties, guarantees, or conditions not able to be disclaimed as a matter of law will last one year from the start of the limited warranty; (b) this limited warranty does not cover problems caused by accident, abuse, or use of the Products in a manner inconsistent with this agreement or our published documentation or guidance, or resulting from events beyond our reasonable control: (c) this limited warranty does not apply to problems caused by a failure to meet minimum system requirements. 6.3. Third-party warranties For any third-party products and/or services incorporated as part of the White Hat Services, Customer will receive only the warranties offered by such third party to the extent White Hat may pass on such warranties to Customer. 6.4. Customer warranties Customer represents and warrants that (a) it has and will continue to have all rights, power, permissions and authority necessary to have White Hat perform the White Hat Services in the Customer environment (including, without limitation, all rights, power, permissions, authority and network user consents necessary in respect of any IP address assigned to a supported device and any consent needed from its network users with respect to any logging and monitoring activities conducted by White Hat relating to such White Hat Service), and (b) will not provide any data records to White Hat for purposes of White Hat’s performance of a White Hat Service unless such provision of data records is specifically contemplated by the Agreement and the parties have entered into a business associate agreement covering the provision of such data records. Customer hereby assumes the sole responsibility for the accuracy of the IP addresses and domains provided to White Hat. Customer will be liable for all costs and expenses from any third-party claims of loss, damage (including reasonable attorneys’ fees) and liability of any kind that may be incurred as a result of Customer’s breach of the foregoing warranty. 6.5. DISCLAIMER Other than the warranty in 5.1 and 5.2, White Hat provides no warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability or fitness for a particular purpose. These disclaimers will apply except to the extent applicable law does not permit them. 7. ASSUMPTION OF RISK 7.1. Network scanning risks White Hat Services involve the use of network scanning technology that has inherent risks, including, but not limited to, the loss, disruption, or performance degradation of Customer’s or a third party’s business processes, telecommunications, computer products, utilities, or data (the “Scanning Risks”). When Customer requests network scanning, or any Managed Security Services component utilizing network scanning, Customer authorizes White Hat to perform the network scanning and assumes all risk for adverse consequences resulting from or associated with such component of the White Hat Services. White Hat will take all reasonable steps to mitigate Scanning Risks; however, Customer understands that Scanning Risks are inherent in the provision of certain computer security services and the use of certain computer security products and cannot be eliminated. Customer will indemnify and defend White Hat for all costs and expenses related to a third party’s claim of loss, damages and liabilities (including legal expenses and the expenses of other professionals) incurred by White Hat, resulting directly or indirectly from any claim attributable to or arising out of White Hat’s use of network scanning technology (each, a “Scanning Claim”), including, without limitation, the use by White Hat of network scanning technology to analyse assets that are not controlled directly by Customer, including, without limitation, servers hosted by third parties. This obligation of Customer in connection with a Scanning Claim will not apply if White Hat’s gross negligence or wilful misconduct gave rise to such Scanning Claim. 7.2. Modification and encryption When Customer requests any White Hat Service that results in the encryption or similar modification of any drive or other storage device, Customer will ensure that all data on drives and storage devices to be encrypted or otherwise modified is appropriately backed up prior to the initiation of such White Hat Service and assumes all risk for adverse consequences resulting from or associated with the encryption or similar modification of one or more drives or storage devices. White Hat will take reasonable steps to mitigate risks associated with such White Hat Service; however, Customer understands that these risks are inherent in the provision of certain computer security services and that White Hat will have no liability for data lost or damaged due to the encryption or similar modification of any drive or storage device as a result of the performance of such White Hat Service. 8. DEFENCE OF CLAIMS 8.1. Defence (a) We will defend you against claims made by an unaffiliated third party that a Product infringes that third party’s patent, copyright or trademark or makes unlawful use of its trade secret. (b) You will defend us against any claims made by an unaffiliated third party that (a) any Customer Data, Non-related Products, or services you provide, directly or indirectly, in using a Product, infringes the third party’s patent, copyright, or trademark or makes unlawful use of its trade secret; or (b) arises from violation of the Acceptable Use policy. 8.2. Limitations Our obligations in Section 8.1 (a) will not apply to a claim or award based on: (i) any Customer Data, Non-related Products, modifications you make to the Product, or services or materials you provide or make available as part of using the Product; (ii) your combination of the Product with, or damages based upon the value of, Customer Data or a Non-related Product, data, or business process; (iii) your use of a White Hat trademark without our express written consent, or your use of the Product after we notify you to stop due to a third-party claim; (iv) your redistribution of the Product to, or use for the benefit of, any unaffiliated third party; or (v) Products provided free of charge. 8.3. Remedies If we reasonably believe that a claim under Section 8.1(a) may bar your use of the Product, we will seek to: (i) obtain the right for you to keep using it; or (ii) modify or replace it with a functional equivalent and notify you to stop use of the prior version of the Product. If these options are not commercially reasonable, we may terminate your rights to use the Product and then refund any advance payments for unused Subscription rights. 8.4. Obligations Each party must notify the other promptly of a claim under this Section 8. The party seeking protection must (i) give the other sole control over the defence and settlement of the claim; and (ii) give reasonable help in defending the claim. The party providing the protection will (1) reimburse the other for reasonable out-of-pocket expenses that it incurs in giving that help and (2) pay the amount of any resulting adverse final judgment or settlement. The parties' respective rights to defence and payment of judgments (or settlement the other consents to) under this Section 8. are in lieu of any common law or statutory indemnification rights or analogous rights, and each party waives such common law or statutory rights. 9. LIMITATION OF LIABILITY 9.1. Limitation For Products in trial provided free of charge White Hat’s liability does not apply. For Products during the Subscription and not in trial a limited warranty applies as per the professional liability insurance of White Hat or to the maximum extent of Customer’s monthly Subscription Fee under this Agreement, whichever is smaller. 9.2. EXCLUSION Neither party will be liable for loss of revenue or indirect, special, incidental, consequential, punitive, or exemplary damages, or damages for lost profits, revenues, business interruption, or loss of business information, even if the party knew they were possible or reasonably foreseeable. 9.3. Exceptions to limitations The limits of liability in this Section apply to the fullest extent permitted by applicable law, but do not apply to: (a) the parties’ obligations under Section 6; or (b) violation of the other’s intellectual property rights. 10. SUSPENSION OF SERVICE We may suspend or cancel your use of and access to all or any part of the White Hat Services at any time, due to actions outside of White Hat’s control, i.e. caused by third party (including but not limited to disruption of service of Microsoft, Zimperium or any other service providers whose services are necessary for the orderly operation of White Hat services). 11. THIRD-PARTY PRODUCTS OR SERVICES The parties agree that White Hat will not be liable for any damages caused by hardware, software, or other products or services furnished by parties other than White Hat, its agents, subcontractors, or any damages caused by the products and/or services delivered by or on behalf of White Hat, which have been modified, serviced, or otherwise attended to or maintained by parties other than White Hat. Customer acknowledges that White Hat will not be liable for any damages resulting, directly or indirectly, from any act or failure to act by Customer or any third party (including, without limitation, the non-performance, defaults, omissions or negligence of any third party that provides telecommunications services used to deliver the White Hat Services). 12. PRODUCT MODIFICATIONS White Hat’s licensors and other vendors may add or remove products (including products delivered “as a service”) or product support from its offerings or modify existing products or support in accordance with their policies, which may include end-of-life policies. Customer acknowledges and agrees that White Hat may modify or change its White Hat Services to the extent they are affected by changes to such products. If White Hat modifies the White Hat Services pursuant to this provision, White Hat will use its commercially reasonable efforts to maintain, to the extent reasonably practicable, comparable services at the same or a better level of service as provided for in the Agreement. 13. USAGE OF THIRD-PARTY PRODUCTS White Hat intends to use certain third-party products and services as part of the delivery of the White Hat Services that it has licensed, or otherwise obtained the right to use, from third party licensors or vendors (each a “Third-Party Provider”). Such products (the “Third-Party Products”) may, as appropriate, (i) be installed on devices with respect to which White Hat will be providing Managed Security Services or (ii) otherwise made available to Customer in connection with Customer’s receipt of the White Hat Services. With respect to the Third-Party Products, Customer agrees as follows: 13.1. End User Services and License Agreements To be bound and abide by to the terms and conditions set forth in the Online Service Terms for Microsoft Defender for Endpoint and Zimperium End User License Agreement. Customer further agrees that the EULA will be made available to each End User of software pursuant to any White Hat Service. 13.2. Ownership of Third-Party Products The Third-Party Product(s), including, without limitation, their object code and source code, are strictly confidential to the Third-Party Provider. The Third-Party Provider (or its licensors) own exclusively and reserve all, and Customer may not exercise any: right, title, and interest in and to the Third-Party Product(s), including, without limitation, all intellectual property rights in and to the Third-Party Product(s), except to the extent of the limited use license or right to use granted to Customer pursuant to the EULA. The Agreement and these Terms and Conditions are not an agreement of sale, and no title, intellectual property rights, or ownership rights to the Third-Party Product(s) are transferred to Customer pursuant these Terms and Conditions, any Agreement, or otherwise. Customer acknowledges and agrees that the Third-Party Product(s) and all ideas, methods, algorithms, formulae, processes, and concepts used in developing or incorporated into the Third-Party Product(s), all future updates and upgrades, and all other improvements, revisions, corrections, bug-fixes, hotfixes, patches, modifications, enhancements, releases, DATs, signature sets, upgrades, and policy and database updates and other updates in, of, or to the Third-Party Product(s), all derivative works based upon any of the foregoing, and all copies of the foregoing are trade secrets and proprietary property of the Third-Party Provider, having great commercial value to the Third-Party Provider. Customer may not, and may not cause or allow any other party to: (1) decompile, disassemble or reverse engineer the Third-Party Product(s); or create or recreate the Source Code for the Third Party Product(s); (2) remove, erase, obscure, or tamper with any copyright or any other product identification or proprietary rights notices, seal, or instructional label printed or stamped on, affixed to, or encoded or recorded in or on any Third-Party Product(s) or End User Documentation; or fail to preserve all copyright and other proprietary notices in all copies of the Third-Party Product(s) and End User Documentation; (3) lease, lend or use the Third-Party Product(s) for timesharing or service bureau purposes or sell, market, license, sublicense, distribute, or otherwise grant to any person or entity any right to use the Third-Party Product(s); (4) use the Third-Party Product(s) to provide, alone or in combination with any other product or service, any product or service to any person or entity, whether on a fee basis or otherwise except to the extent expressly permitted in these Terms and Conditions or the Agreement; (5) modify, adapt, tamper with, translate, or create derivative works of the Third-Party Product(s) or the End User Documentation; combine or merge any part of the Third-Party Product(s) or End User Documentation with or into any other software or documentation; or refer to or otherwise use the Third-Party Product(s) as part of any effort to develop software or cloud services (including, without limitation, any routine, script, code, or program) having any functional attributes, visual expressions, or other features similar to those of the Software or to compete with the Third-Party Provider; (6) except with the Third-Party Provider’s prior written permission, publish any performance or benchmark tests or analysis relating to the Third-Party Product(s); or (7) attempt to do any of the foregoing. 14. MODIFYING THE TERMS; ADDITIONAL TERMS 14.1. Modifying the Terms We may modify this Agreement at any time and will provide notice of any modifications. The most current version of the agreement is available via the “Terms” link provided on the Portal site for the White Hat Services or via another channel defined beforehand. If you do not agree to any modifications, you must immediately stop using the White Hat Services. Your continued use of the White Hat Services constitutes acceptance of the modified agreement. 14.2. Additional Terms This agreement incorporates by reference any additional terms or conditions applicable to particular aspects of the Online Services, including without limitation the SLA and third-party end user license agreements and service agreements. 15. TERM; TERMINATION 15.1. Term This agreement will remain in effect until the expiration of your trial period or Subscription or until the EUSA is in effect. 15.2. Termination We may terminate your use of the White Hat Services, your Subscription and your account immediately without notice, or terminate this agreement at any time for any reason. Upon cancellation, suspension or termination, your right to use the Products stops immediately and you must stop using all Products and related data (including, for avoidance of doubt, any information provided as part of a White Hat or third party security data feed). White Hat may assist you in migrating your Customer Data to a paid Subscription, at White Hat’s sole discretion. You are solely responsible for backing up your Customer Data. You may stop using and accessing the Products at any time without further obligation, unless specified otherwise in the EUSA (see Commitment period). 16. NO THIRD-PARTY BENEFICIARIES There are no third-party beneficiaries to this agreement. 17. WAIVER Failure to enforce any provision of this agreement will not constitute a waiver. 18. APPLICABLE LAW AND VENUE The is agreement is governed by the law of Hungary, without regard to its conflict of laws principles. Regarding all matters not stipulated in the present agreement, the relevant legal regulations of Hungary shall be binding. Any action to enforce this agreement must be brought in Hungary. This choice of jurisdiction does not prevent either party from seeking injunctive relief in any appropriate jurisdiction with respect to a violation of intellectual property rights. Any dispute or difference which arises between the Parties out of or in connection with present agreement Parties appoint the ‘Budapest District Court for the II. and III. Districts’, and ‘Székesfehérvár Regional Court’ as relevant Courts of Hungary depending on the disputed value. 19. ENTIRE AGREEMENT This Agreement is the entire agreement concerning its subject matter and supersedes any prior or concurrent communications. In the case of a conflict between documents in this agreement that is not expressly resolved in those documents, their terms will control in the following order of descending priority: (1) the End User Service Agreement, (2) this EULA and White Hat Managed Security Services Subscription Agreement, (3) the SLA, and (4) any other documents in or related to this agreement. 20. ASSIGNMENT Parties may not assign this agreement either in whole or in part or transfer licenses without the prior written consent of the other Party. 21. SURVIVAL. The terms in Sections 5, 6, 7, 8 and 12-20 will survive termination or expiration of this agreement. 22. FORCE MAJEURE Neither party will be liable for any failure in performance due to causes beyond that party's reasonable control (such as fire, explosion, power blackout, earthquake, flood, pandemic, severe storms, strike, embargo, labour disputes, acts of civil or military authority, war, terrorism (including cyber terrorism), acts of God, acts or omissions of Internet traffic carriers, actions or omissions of regulatory or governmental bodies (including the passage of laws or regulations or other acts of government that impact the delivery of Online Services)). This Section will not, however, apply to your payment obligations under this agreement.