THIS SOPHOS END USER TERMS OF USE (“AGREEMENT”) BETWEEN CUSTOMER AND SOPHOS LIMITED (“SOPHOS”) GOVERNS CUSTOMER’S ACCESS AND USE OF THE SOPHOS PRODUCTS (WHICH INCLUDES SOFTWARE, CLOUD SERVICES AND MANAGED SERVICES) AND IS A LEGALLY BINDING AND ENFORCEABLE CONTRACT. BY CLICKING A BOX INDICATING ACCEPTANCE OR AGREEMENT, OR BY ACCESSING OR USING THE PRODUCT, CUSTOMER AGREES TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT THEY HAVE THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. IF THE CUSTOMER DOES NOT AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT, DO NOT ACCESS OR USE THE PRODUCT. If you wish to view the Agreement in another language, visit any of the following pages: Spanish, French, Italian, German, Chinese Traditional, Chinese Simplified, and Japanese. 1. DEFINITIONS 1.1 “Affiliate” means, with respect to each party, an entity that controls, is controlled by, or is under common control with such party. For the purposes of this definition, “control” means the beneficial ownership of more than fifty percent (50%) of the voting power or equity in an entity. 1.2 “Beta Product” means any Product (or portion of a Product) that Sophos identifies as beta, pre-release, early access, or preview, and that is made available to Customer during the Subscription Term but not made generally available for use. 1.3 “Cloud Service” means the hosted software-as-a-service offering or other cloud-enabled feature of the Software. 1.4 “Confidential Information” means any non-public, confidential, or proprietary information of the disclosing party that is clearly marked confidential or reasonably should be assumed to be confidential given the nature of the information and the circumstances of disclosure. 
1.5 “Customer” means the company or legal entity identified in the applicable Schedule, or in the event there is no applicable Schedule, “Customer” means: (a) the company or legal entity on whose behalf a User accesses or uses the Service, or (b) an individual who accesses or uses the Service on such individual’s own behalf. 1.6 “Customer Content” means all software, data (including Personal Data), non-Sophos or third-party applications, and any other content, communications, or material, in any format, and any system, network, or infrastructure provided or made accessible by Customer or User to Sophos in connection with Customer’s access and use of the Product. 1.7 “Documentation” means any technical specifications, online help content, user manuals, or similar materials pertaining to the implementation, operation, access, and use of the Product that are made available by Sophos, as may be revised by Sophos from time to time. 1.8 “Entitlement” means the quantity of units of the Product that Customer has purchased and the associated Subscription Term, each as set forth on the applicable Schedule. 1.9 “Fixes” means any custom or sample code, files, or scripts provided by Sophos as part of the provision of technical support for Hardware or Product that do not form part of Sophos’s standard offerings. 1.10 “Hardware” means any Sophos appliance or physical computing components (whether new or refurbished, and whether or not subject to payment of a fee) on which the Software operates, and any related components or peripherals (including, but not limited to, power cords, fans, power supply modules, drives, carries, ship kits, and rack mount kits). 1.11 “Managed Service” means Sophos Managed Threat Response, Sophos Managed Threat Detection, Sophos Rapid Response or other associated security services as described in the applicable Service Description. 
1.12 “Partner” means Sophos authorized reseller, distributor, or other independent third party from which Customer purchases a subscription to the Product. 1.13 “Personal Data” means any information relating to an identified or identifiable individual or that is otherwise defined as “personal data”, “personal information”, or “personally identifiable information” under applicable data protection laws. 1.14 “Product” means Software, Service, Trial Product, or Beta Product that Customer is authorized to access and use under the terms of this Agreement, including any applicable support and maintenance services, Documentation, and any Fixes. 1.15 “Sanctions and Export Control Laws” means any law, regulation, statute, prohibition, or similar measure applicable to the Product and/or to either party relating to the adoption, application, implementation, and enforcement of economic sanctions, export controls, trade embargoes, or any other restrictive measures, including, but not limited to, those administered and enforced by the European Union, the United Kingdom, and the United States, which shall be considered applicable to the Product. 1.16 “Schedule” means the order confirmation issued by Sophos, or other equivalent documentation, that details Customer’s purchase of a Product and the Entitlement, and may include other access and use details for the Product. 1.17 “Service” means a Managed Service or Cloud Service that Customer is authorized to access and use under the terms of this Agreement. 1.18 “Service Description” means Sophos’s description of a Managed Service’s features, including any additional Service-specific terms and requirements, available at https://www.sophos.com/en-us/legal. 1.19 “Software” means Sophos computer programs including updates, upgrades, firmware, including any software embedded in Hardware, and applicable Documentation. 
1.20 “Sophos Materials” means (i) all Sophos proprietary materials, any written or printed summaries, analyses or reports generated in connection with a Product, including written reports that are created for Customer in the course of providing a Service, and (ii) data generated by Sophos in connection with Customer’s use of a Product, including but not limited to, detections, threat data, indicators of compromise and any contextual data (but excluding Customer Content). 1.21 “Subscription Term” means the term of Customer’s authorized access and use of the Product, as set forth in the applicable Schedule. 1.22 “Third Party Services” has the meaning set forth in Section 3.3 below. 1.23 “Threat Intelligence Data” means any information about malware, threats, actual or attempted security events, including but not limited to their frequency, source, associated code, general identifiers, attacked sectors and geographies. 1.24 “Trial Product” has the meaning set forth in Section 2.4(a) below. 1.25 “Trial Term” has the meaning set forth in Section 2.4(a) below. 1.26 “Usage Data” means any diagnostic and usage-related information from the use, performance and operation of the Product, including, but not limited to, type of browser, Product features, and systems that are used and/or accessed, and system and Product performance-related data. 1.27 “Use Level” has the meaning set forth in Section 2.2 below. 1.28 “User” means Customer’s and its permitted Affiliates’ employees, contractors, and similar personnel authorized by Customer or its Affiliates to access and use the Product on such entity’s behalf. 2. PRODUCT USE AND RESTRICTIONS 2.1 License and Right to Access and Use. 
Subject to Customer’s compliance with the terms of this Agreement, Sophos grants Customer a non-exclusive, non-transferable, worldwide license and right to access and use the Product listed in the Schedule during the applicable Subscription Term solely for Customer’s internal information security purposes, except that Customers may use Sophos Factory for Customer’s internal business purposes. Customer may permit its Affiliates and Users to use the Product in accordance with this Agreement, provided that Customer remains fully responsible and liable for their use of the Product and compliance with the terms and conditions of this Agreement. Customer may make a reasonable number of copies of the Software for backup or disaster recovery purposes. Additionally, during the Agreement term, Sophos grants to Customer a limited, non-exclusive license to use such Sophos Materials solely and for Customer’s own internal information security purposes only. 2.2 Use Level. The Entitlement together with the defined Product unit(s) or meter(s) specified in the Licensing Guidelines at https://www.sophos.com/en-us/legal.aspx form the applicable Customer access and use level (“Use Level”). Customer may access and use the Product in accordance with the applicable Use Level, and may not exceed the Use Level at any time. Customer’s use and access of the Product in excess of its Entitlement may result in degraded, incomplete, or failed Service delivery. If Customer wishes to increase its Use Level, it must first purchase the corresponding additional Entitlement. If Customer exceeds its Use Level, Customer will pay any invoice for such excess use issued by Sophos or a Partner in accordance with Section 6. 2.3 Restrictions. 
Except as specifically permitted in this Agreement, Customer will not (and will not allow an Affiliate, User, or third party to), directly or indirectly: (a) sublicense, resell, rent, lease, distribute, market, commercialize, or otherwise transfer rights to, or usage of, all or any portion of the Product, or provide the Product on a timesharing, service bureau, or other similar basis; (b) modify, copy, adapt, translate, create derivative works of, reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of, any part of the Product, except when expressly permitted by law and when essential to achieve interoperability of the Software with another software program; (c) remove, alter, or obscure any proprietary rights notices contained in or affixed to the Product; (d) attempt to gain unauthorized access to the Product; (e) attempt to disrupt, degrade, impair, or violate the integrity, security, or performance of the Product, including, without limitation, by executing any form of network monitoring; (f) use the Product to store, transmit, or propagate any viruses, software routines, or other code designed to permit unauthorized access, to disable, erase or otherwise harm software, hardware or data, or to perform any other harmful actions; (g) upload any content to Product that is unlawful, pornographic, obscene, indecent, harassing, racially or ethnically offensive, harmful, threatening, discriminatory, defamatory, or facilitates or promotes illegal activities; (h) take any action that imposes or may impose an unreasonable or disproportionately large load on Sophos’s infrastructure, as determined by Sophos in its sole discretion; (i) disable or circumvent any monitoring or billing mechanism related to the Product; (j) use any feature of Sophos APIs for any purpose other than in the performance of, and in accordance with, this Agreement; or (k) access or use the Product in a manner that violates applicable law or regulation, infringes 
third party rights, or violates the terms and conditions of this Agreement. 2.4 Trial Products, Beta Products, Free Products and Fixes. (a) If Sophos permits Customer to conduct a free trial or evaluation of a Product (“Trial Product”), Customer may access and use the Trial Product for thirty (30) days, or such other duration specified by Sophos in writing (“Trial Term”). (b) From time to time, Sophos may invite Customer to try a Beta Product, for a period specified by Sophos and at no charge, which Customer may accept or decline in Customer’s sole discretion. Customer will comply with testing guidelines that Sophos provides in connection with Customer’s access and use of a Beta Product and will make reasonable efforts to provide Feedback in accordance with Section 5.3. Sophos may discontinue a Beta Product at any time in its sole discretion and may not make it generally available. (c) Trial Products and Beta Products are provided for internal testing and evaluation solely for Customer’s own internal information security purposes. (d) Sophos may make certain Products, portions of certain Products, or certain usage tiers available free of charge (“Free Product”). Customer’s right to access and use Free Product is not guaranteed for any period of time and Sophos reserves the right, in its sole discretion, to: (i) limit or terminate Customer’s use of Free Product; or (ii) reduce, change or deprecate the functionality of Free Product. For Free Product, only community support is available via https://community.sophos.com. Sophos may make certain Products available for personal use (“Home Use License”). Customer may only use Products made available under Home Use License for their own non-commercial personal use and not for any other purposes. Fixes may only be used in conjunction with the Hardware or Product for which such Fixes were developed. 
(e) TRIAL PRODUCTS, BETA PRODUCTS, FREE PRODUCTS, HOME USE LICENSES AND FIXES ARE PROVIDED “AS IS” WITHOUT ANY SUPPORT, INDEMNITY, LIABILITY OR REMEDY OF ANY KIND. TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF TRIAL PRODUCTS, BETA PRODUCTS, FREE PRODUCTS, HOME USE LICENSES, OR FIXES. (f) The terms of this Section 2.4 apply, and prevail over any conflicting terms in this Agreement, with respect to all access to and use of Trial Products, Beta Products, Free Products, Home Use Licenses or Fixes. 2.5 Modifications to Product and Agreement. 2.5.1 Product. Sophos may in its sole discretion modify or update the Product from time to time without materially reducing or degrading its overall functionality. 2.5.2 Agreement. (a) Sophos may modify the terms of this Agreement from time to time by posting a modified version on https://www.sophos.com/legal.aspx or an alternate site Sophos identifies. Unless otherwise noted by Sophos, all modifications will apply to any Entitlements acquired or renewed after the date of modification. If Sophos makes any material change to the Agreement that will become effective upon an earlier date (“Immediate Modification”), Sophos will notify Customers: (i) in accordance with Section 11.2 (Notice); or (ii) by posting a notice in the Product console. (b) In the event of an Immediate Modification, except where required by law, regulation, court order, or guidance issued by a government regulator, Customer will have the right to terminate the Agreement within thirty (30) days of the date of Sophos’s Immediate Modification notice if Customer objects to such Immediate Modification, and the termination will be effective at the end of the thirty (30) day period. 
Customer’s or a User’s continued access and use of the Product following thirty (30) days after the date of the Immediate Modification notice will constitute Customer’s acceptance of the Immediate Modification and updated Agreement. If Customer terminates the Agreement as provided in this paragraph, Sophos will provide or authorize a pro rata refund of the fees paid by Customer to Sophos or the Partner, respectively, for the remainder of the applicable Subscription Term. Customer will be responsible for all fees incurred prior to the effective date of termination. 2.6 Support. Sophos will provide the technical support specified in the applicable Schedule or documentation during the Subscription Term. Additional technical support packages may be available for an additional fee. Technical support packages are described at: https://www.sophos.com/en-us/support/technical-support.aspx. From time to time, Sophos performs scheduled maintenance to update the servers, software, and other technology that are used to provide the Service and will use commercially reasonable efforts to provide prior notice of such scheduled maintenance. Customer acknowledges that, in certain situations, Sophos may need to perform emergency maintenance of the Service without providing prior notice. 2.7 Open Source. The Product may contain open source software that is made available under applicable open source license agreements. This Agreement does not alter any rights or obligations Customer may have under the applicable open source licenses. Any open source software that is delivered as part of the Product and which may not be removed or used separately from the Product is covered by the warranty, support and indemnification provisions applicable to the Product. 2.8 Hardware. The use of Hardware is governed by this Agreement, as modified by the Sophos Hardware Terms available at https://www.sophos.com/en-us/legal/sophos-hardware-terms. 
In the event of any conflict between the Sophos Hardware Terms and this Agreement, the Sophos Hardware Terms will take precedence. 3. CUSTOMER OBLIGATIONS 3.1 Access and Use. Customer is solely responsible for: (a) accessing and using the Product in accordance with the Documentation; (b) determining the suitability of the Product for Customer’s internal information security purposes; (c) configuring the Product appropriately; (d) complying with any regulations and laws (including, without limitation, export, data protection, and privacy laws) applicable to Customer Content and Customer’s use of the Product; (e) Customer’s and Users’ access and use of the Product; (f) all activity occurring under Customer’s Product and support accounts, including the rights and privileges Customer grants to Users and any activity undertaken or decision made by Users regarding Product delivery and usage; (g) providing all reasonable information and assistance required for Sophos to deliver the Product, or enable Customer’s or Users’ access and use of the Product; (h) using reasonable means to protect the account information and access credentials (including passwords and devices, or information used for multi-factor authentication purposes) used by Customer and Users to access the Product; and (i) promptly notifying Sophos of any unauthorized account use or other suspected security breach, or unauthorized use, copying, or distribution of the Product or Customer Content. 3.2 Accuracy of Information. Customer agrees to provide complete and accurate Customer and User identification information in connection with access to and use of the Product, including but not limited to providing reasonable Customer and User contact details and information upon Sophos's or Partner’s request. 3.3 Third Party Services. 
The Product may enable or require Customer to associate its Product account with, link to, or otherwise access, third parties’ websites, platforms, content, products, services, or information (“Third Party Services”). Third Party Services are not part of the Product, and Sophos does not control and is not responsible for the Third Party Services. Customer is solely responsible for: (a) obtaining and complying with any terms of access and use of the Third Party Services, including any separate fees or charges imposed by the provider of the Third Party Services; and (b) configuring the Third Party Services appropriately. Sophos disclaims all responsibility and liability arising from or related to Customer’s access or use of the Third Party Services, including any impact on Product capabilities as a result of Customer’s use of, or reliance upon, the Third Party Services. 3.4 Critical Applications. The Product is not fault tolerant and use of the Product is not recommended in or in association with safety critical applications where the failure of the Products to perform can reasonably be expected to result in death, personal injury, loss of property, or severe physical or environmental damage. Any use contrary to this disclaimer is at Customer’s own risk and Sophos is not liable for such use. 4. CUSTOMER CONTENT; PROTECTION OF CUSTOMER CONTENT; CONFIDENTIALITY; USE OF DATA 4.1 Customer Content. Customer is solely responsible for all Customer Content, including but not limited to its accuracy, quality, and legality. 
Customer represents and warrants that it: (a) has the legal rights to provide Customer Content to Sophos or/and to other users of the Product as applicable; (b) has provided any required notices and has obtained any consents and/or authorizations (including any required from Users) related to its access and use of the Product and the processing of and access to Customer Content by Sophos; and (c) will comply with all applicable laws and regulations for collecting and processing Customer Content, and transferring Customer Content to Sophos. Customer is responsible for taking and maintaining appropriate steps to protect the confidentiality, integrity, and security of Customer Content, including but not limited to: (i) controlling access that Customer provides to Users; and (ii) backing up Customer Content. In some cases, Sophos may make certain Sophos consumer products available to Customer for personal use by users associated with Customer's organization or institution, and in such cases, Customer agrees that Customer is solely responsible for: (1) providing any required notices and (2) obtaining necessary consents and/or authorizations related to the access/use of the consumer products by the users and the processing of and access to users' information by Sophos. 4.2 Use of Customer Content by Sophos. Customer grants Sophos a non-exclusive, worldwide, royalty-free license to access and use the Customer Content to perform its obligations and exercise its rights under this Agreement. 4.3 Protection and Processing of Customer Content by Sophos. Sophos will maintain appropriate administrative, physical, and technical measures designed to protect the security, confidentiality, and integrity of Customer Content processed by Sophos. 
The Data Processing Addendum (“DPA”) located at https://www.sophos.com/en-us/legal/data-processing-addendum is incorporated by reference into this Agreement if the provision of Product constitutes any "processing" by Sophos of any "personal data" on behalf of Customer within the Customer Content, but only to the extent such processing falls within the scope of "Applicable Data Protection Laws" (each term as defined in the DPA). In the event of any conflict between the terms of the DPA and this Agreement, the terms of the DPA will take precedence. 4.4 Content Restrictions. If Customer’s access and use of the Product requires Customer to comply with industry-specific data security or data protection obligations, Customer will be solely responsible for such compliance. Customer may not use the Product in a way that would subject Sophos to those industry-specific regulations without obtaining Sophos’ prior written agreement. 4.5 Confidentiality. (a) Each party acknowledges that it and its Affiliates (“Receiving Party”) may have access to Confidential Information of the other party and its Affiliates (“Disclosing Party”) in connection with this Agreement. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care). The Receiving Party agrees to (i) not use any Confidential Information for any purpose other than to perform its obligations and exercise its rights under this Agreement, and (ii) restrict dissemination of Confidential Information only to individuals or third parties with a “need to know” such information and who are under a substantially similar duty of confidentiality. 
A Receiving Party may disclose the Disclosing Party’s Confidential Information in any legal proceeding or as required as a matter of applicable law or regulation (such as in response to a subpoena, warrant, court order, governmental request, or other legal process); provided, however, that to the extent permitted by applicable law, the Receiving Party will (1) promptly notify the Disclosing Party before disclosing the Disclosing Party’s Confidential Information; (2) reasonably cooperate with and assist the Disclosing Party, at the Disclosing Party’s expense, in any efforts by the Disclosing Party to contest the disclosure; and (3) disclose only that portion of the Disclosing Party’s Confidential Information that is legally required to be disclosed. (b) Notwithstanding the above, a Disclosing Party’s Confidential Information will not include information that: (i) is or becomes a part of the public domain through no act or omission of the Receiving Party; (ii) was in the Receiving Party’s lawful possession prior to the disclosure by the Disclosing Party and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (iii) is lawfully disclosed to the Receiving Party by a third party without restriction on the disclosure; or (iv) is independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information. 4.6 Usage Data and Threat Intelligence Data. Sophos may collect, access, use, process, transmit, or store Usage Data and Threat Intelligence Data for: (a) product improvement; (b) research and development purposes; and (c) deriving statistical data using information that is aggregated, anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual or to Customer or Users (“Statistical Data”). Sophos retains all intellectual property rights in such Statistical Data. 
Sophos may share Threat Intelligence Data (including from Customer Content, if it is anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual or Users) with selected reputable members of the IT industry for the purposes of promoting awareness of security risks, and anti-spam and security threat research. 5. OWNERSHIP RIGHTS 5.1 Customer Ownership. Except as expressly provided otherwise in this Agreement, as between Sophos and Customer, Customer retains all right, title, and interest in and to Customer Content. 5.2 Sophos Ownership. As between Sophos and Customer, Sophos retains all right, title, and interest, including all intellectual property rights, in and to the Product and Sophos Materials, including all improvements, enhancements, modifications, derivative works, logos, and trademarks. Sophos reserves all rights in and to the Product that are not expressly granted under this Agreement. 5.3 Feedback. Customer or Users may provide suggestions, enhancement or feature requests, or other feedback to Sophos with respect to the Product (“Feedback”). If Customer provides Feedback, Sophos may use the Feedback without restriction and without paying any compensation to Customer, and Customer hereby irrevocably assigns to Sophos all intellectual property rights in and to such Feedback. 6. FEES, PAYMENT AND TAXES If Customer is purchasing a subscription to the Product from a Partner, all provisions related to fees, taxes, and payment terms will be exclusively between the Partner and Customer. Otherwise, Customer will pay Sophos, or the local Sophos sales Affiliate, the fees for the Product within thirty (30) days of the invoice date (in the currency and via the payment method specified on the invoice), unless otherwise noted in the applicable invoice. If permitted by applicable law, any delay in making payment shall entitle Sophos to charge interest on the overdue payment. 
All fees are exclusive of value added tax and any other federal, state, municipal, or other governmental taxes, duties, licenses, fees, excises, or tariffs, and Customer is responsible for paying any taxes assessed based on Customer’s purchases under the Agreement. 7. WARRANTIES; DISCLAIMERS; LIMITATION OF LIABILITY 7.1 Warranties. Each party warrants to the other party that it has the requisite authority to enter into this Agreement. Sophos warrants that: (a) for a period of ninety (90) days from the purchase date the Software will perform substantially in accordance with the Documentation; and (b) during the Subscription Term, it will provide the Services using commercially reasonable skill and care, and the Services will materially conform to the corresponding Documentation. Customer’s sole and exclusive remedy for Sophos’s breach of the foregoing warranty is, at Sophos’s option, either (i) repair or replacement of the Product, or (ii) a pro rata refund of the fees paid to Sophos or a Partner for the period in which Sophos was in breach of the foregoing warranty. This warranty is conditioned upon Customer providing Sophos prompt written notice of the Product’s non-conformity, and using the Product in compliance with this Agreement and in accordance with the Documentation. Where Sophos provides a refund of fees paid for Software, Customer must return or destroy all copies of the applicable Software. 7.2 Warranty Disclaimer. EXCEPT AS EXPRESSLY STATED IN SECTION 7.1, TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS AND ITS THIRD-PARTY LICENSORS AND SUPPLIERS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THE PRODUCT. 
SOPHOS MAKES NO WARRANTY OR REPRESENTATION THAT THE PRODUCT: (A) WILL BE UNINTERRUPTED, COMPLETELY SECURE, ERROR-FREE, FAILSAFE, OR FREE OF VIRUSES; (B) WILL MEET CUSTOMER’S BUSINESS REQUIREMENTS OR OPERATE WITH CUSTOMER’S CURRENT SYSTEMS; OR (C) WILL IDENTIFY OR REMEDIATE ALL THREATS OR INDICATORS OF COMPROMISE. SOPHOS IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION, OR SECURITY OF THE PRODUCT THAT MAY ARISE FROM CUSTOMER CONTENT, THIRD PARTY SERVICES, OR ANY OTHER SERVICES PROVIDED BY THIRD PARTIES. SOPHOS DISCLAIMS ANY RESPONSIBILITY OR LIABILITY FOR ANY INTERCEPTION OR INTERRUPTION OF ANY COMMUNICATIONS THROUGH THE INTERNET, NETWORKS, OR SYSTEMS OUTSIDE SOPHOS’S CONTROL. 7.3 Limitation of Liability. IN NO EVENT WILL EITHER PARTY BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY DAMAGES, OR ANY LOSS OF REVENUES, BUSINESS, PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), OR DATA LOSS OR CORRUPTION IN CONNECTION WITH THIS AGREEMENT OR THE PRODUCT, EVEN IF THE DAMAGES WERE FORESEEABLE OR A PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. IN NO EVENT WILL THE AGGREGATE LIABILITY OF SOPHOS OR ITS AFFILIATES FOR DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE PRODUCT EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER TO SOPHOS OR THE PARTNER, AS APPLICABLE, UNDER THIS AGREEMENT DURING THE APPLICABLE SUBSCRIPTION TERM. THE LIMITATION OF LIABILITY HEREIN WILL NOT APPLY TO LIABILITY ARISING FROM A PARTY’S INFRINGEMENT OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS, INDEMNIFICATION OBLIGATIONS, OR THE FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OF A PARTY. THE LIMITATIONS AND EXCLUSIONS OF LIABILITY IN THIS SECTION 7.3 APPLY (A) WHETHER SUCH CLAIMS ARISE UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, STATUTE, OR OTHERWISE, AND (B) NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY. 
NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES ANY LIABILITY WHICH CANNOT BE LIMITED OR EXCLUDED UNDER ANY APPLICABLE LAW. 8. INDEMNIFICATION 8.1 Indemnification by Sophos. (a) Sophos will (i) indemnify, defend, and hold Customer harmless from any third party claim, action, suit, or proceeding alleging that Customer’s access and use of the Product in accordance with this Agreement infringes such third party’s patent, trademark, or copyright; and (ii) reimburse Customers’ reasonable attorney’s fees and costs actually incurred and any damages finally awarded against Customer by a court of competent jurisdiction or agreed to by Sophos in a settlement. If a third-party claim is made or appears likely to be made, Sophos, in its sole discretion, may: (1) procure the right for Customer to continue accessing or using the Product under the terms of this Agreement; or (2) modify or replace the Product to be non-infringing without material decrease in functionality. If Sophos, in its sole discretion, determines that neither of the foregoing options is reasonably feasible, Sophos may terminate the Customer’s license to or right to use the Product upon written notice to Customer, and provide or authorize a pro rata refund of the fees paid by Customer to Sophos or the Partner, respectively, for the remainder of the applicable Subscription Term. The foregoing shall be Sophos’s entire obligation and Customer’s exclusive remedy regarding any third-party claim against Customer. 
(b) Sophos will have no indemnity obligation for any claim to the extent such claim, in whole or in part, is based on: (i) a modification of the Product by Customer or a third party; (ii) access or use of the Product in a manner that violates the terms and conditions of this Agreement; (iii) technology, designs, instructions, or requirements provided by Customer or a third party on Customer’s behalf; (iv) combination, operation, or use of the Product with non-Sophos products, software, services, or business processes, if a claim would not have occurred but for such combination, operation, or use; or (v) Customer Content or Third Party Services. 8.2 Indemnification by Customer. Customer will indemnify, defend, and hold Sophos harmless, its Affiliates, and their officers, directors, employees, contractors, and agents against any claims, liabilities, and expenses (including court costs and reasonable attorneys' fees) that are incurred as a result of or in connection with: (a) Customer Content, including without limitation Customer’s failure to follow applicable laws, obtain all necessary consents related to Customer Content, or comply with Section 4.4 (Content Restrictions); (b) Customer's access or use of the Product in a manner not expressly permitted by this Agreement; (c) Customer’s violation of any third party rights; (d) Customer’s violation of applicable laws or regulations; or (e) any work product created in reliance on the Product and use of such work product by Customer or a third party. 8.3 Indemnification Procedures. The indemnified party (“Indemnitee”) will: (a) promptly notify the indemnifying party (“Indemnitor”) in writing of any indemnifiable claim; (b) give Indemnitor all reasonable assistance, at Indemnitor’s expense; and (c) give Indemnitor sole control of the defense and settlement of the claim. 
Any settlement of a claim will not include a specific performance obligation other than the obligation to cease using the Product, or an admission of liability by the Indemnitee, without the Indemnitee’s consent. The Indemnitee may join in the defense of an indemnifiable claim with counsel of its choice and at its own expense. 9. TERM AND TERMINATION 9.1 Term. This Agreement will remain in effect until the expiration of the applicable Subscription Term or Trial Term, unless earlier terminated pursuant to this Section 9.2. 9.2 Agreement Termination and Service Suspension. Either party may terminate this Agreement and any then-current applicable Schedule if the other party materially breaches its obligations hereunder and does not cure the breach within thirty (30) days after receipt of written notice of the breach. Sophos, in its sole discretion, may terminate the Agreement without liability if Sophos reasonably believes that Customer’s or User’s access and use of the Product could subject Sophos, its Affiliates or any third party to liability. Sophos may immediately suspend Customer’s or User’s access and use of the Service, or portions of the Service, if: (a) Sophos believes there is a significant threat to the functionality, security, integrity, or availability of the Service to Customer or to other customers; (b) Customer breaches Section 2.1 (License and Right to Use), Section 2.2 (Use Level), Section 2.3 (Restrictions), 6 (Fees, Payment, and Taxes), and/or Section 10.1 (Export Compliance). When reasonably practicable and lawfully permitted, Sophos will provide Customer with advance notice of any such Service suspension. Sophos will use reasonable efforts to re-establish the Service promptly after it determines that the issue causing the suspension has been resolved. Any Service suspension under this Section shall not excuse Customer’s payment obligations under this Agreement. 9.3 Effect of Termination. 
Upon termination or expiration of this Agreement: (a) all Customer rights under this Agreement relating to the Product will immediately terminate; (b) Customer is no longer authorized to access the Product or Customer’s account; and (c) Customer must destroy any copies of the Product within Customer’s control. Upon any termination by Customer for Sophos’s uncured material breach of the Agreement, Sophos will provide or authorize a pro rata refund of the fees paid by Customer to Sophos or the Partner, respectively, for the remainder of the applicable Subscription Term. Upon any termination by Sophos for Customer’s uncured material breach of the Agreement, Customer will pay any unpaid fees covering the remainder of the then-current Subscription Term. 9.4 Customer Content upon Termination. After termination or expiration of this Agreement, Customer agrees that Sophos has no obligation to Customer to retain Customer Content, which may thereafter be permanently deleted by Sophos. Sophos will protect the confidentiality of Customer Content residing in the Service for as long as such information resides in the Service. 9.5 End-of-Life. Customer’s right to use the Product, and any features of the Product, is subject to the end-of-life policy available at https://www.sophos.com/en-us/content/product-lifecycle.aspx. Customer acknowledges and agrees that it is Customer’s sole responsibility to review the end-of-life policy for each Product. 10. EXPORT CONTROL; COMPLIANCE WITH LAWS 10.1 Export Compliance. Customer is solely responsible for ensuring that the Product is used, accessed, and disclosed in compliance with Sanctions and Export Control Laws. 
Customer certifies that Customer or Users, or any party that owns or controls Customer or Users, are not (a) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial trade sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (b) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (c) the target or subject of any Sanctions and Export Laws. Customer further certifies that it and Users will not, directly or indirectly, export, re-export, transfer, or otherwise make available (i) the Product, or (ii) any data, information, software programs, and/or materials resulting from the Product (or direct product thereof) to any person described in (a) through (c) or in violation of, or for any purpose prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses. Customer agrees that Sophos has no obligation to provide the Product where Sophos believes the provision of the Product could violate Sanctions and Export Control Laws. Further details are available at https://www.sophos.com/en-us/legal/export.aspx. 10.2 Compliance with Laws. Each party agrees to comply with all laws applicable to the actions and obligations contemplated by this Agreement. 
Each party warrants that, during the term of this Agreement, neither party nor any of its officers, employees, agents, representatives, contractors, intermediaries, or any other person or entity acting on its behalf has taken or will take any action, directly or indirectly, that contravenes (a) the United Kingdom Bribery Act 2010, (b) the United States Foreign Corrupt Practices Act 1977, or (c) any other applicable anti-bribery laws or regulations anywhere in the world. 11. GENERAL 11.1 Assignment. Customer may not sublicense, assign, or transfer its rights or obligations under this Agreement without Sophos’s prior written consent. Sophos may in its sole discretion assign, novate, subcontract, or otherwise transfer any of its rights or obligations hereunder. 11.2 Notice. Sophos may provide Customer with notice (a) if applicable to the Product, by means of a general notice on the Product portal, on the Sophos.com website, or any other website used as part of the Product, and (b) if specific to the Customer, by electronic mail to the e-mail address in Sophos’s records. All notices to Sophos concerning this Agreement will be addressed to The Legal Department, Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom with a copy to legalnotices@sophos.com. 11.3 Waiver & Severability. Failure by either party to enforce any term or condition of this Agreement will not be construed as a waiver of any of its rights under it. If any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in force to the fullest extent permitted by law. 11.4 Force Majeure. Except for payment obligations, neither party will be liable to the other for any delay or failure to perform hereunder due to circumstances beyond such party’s reasonable control. 11.5 Community Forum. 
Customer and other Sophos customers may exchange ideas and technical insight related to Sophos offerings in the Sophos Community site at https://community.sophos.com/. Sophos does not endorse, warrant, or guarantee any information posted on that site, and Customer alone assumes the risk of using any such information. 11.6 Third Party Flow-down. If the Product is Sophos Central Wireless, the Google Maps / Google Earth Additional Terms of Service (including the Google Privacy Policy) apply to use of the Product. If the Product utilizes the Talos Rules, Cisco Inc. is a third-party beneficiary to this Agreement with regards to Customer’s use of the Talos Rules. 11.7 Service Monitoring. Customer acknowledges that Sophos continuously monitors the Service to: (a) track usage and Entitlement, (b) provide support, (c) monitor the performance, integrity, and stability of the Service’s infrastructure, (d) prevent or remediate technical issues, and (e) detect and address illegal acts or violations of Section 2.3 (Restrictions). 11.8 Audit Rights. To the extent tracking of Customer’s Use Level (Section 2.2) is not possible, Sophos may audit Customer’s use of the Product to verify that Customer’s usage complies with the applicable Entitlement, including without limitation through self-certifications, on-site audits and/or audits done using a third party auditor. An audit will be done upon reasonable notice and during normal business hours, but not more often than once each year unless a material discrepancy was identified during the course of a prior review. Customer further agrees to keep accurate records sufficient to certify Customer’s compliance with this Agreement, and, upon Sophos’s request, Customer will promptly provide the necessary details certifying Customer’s aggregate usage of the Product. 
Sophos will bear the costs of any such audit (other than Customer’s costs associated with any self-certification), except where the audit demonstrates that the amount of the underpayment exceeds five percent (5%) of the fees due. In such case, in addition to purchasing appropriate Entitlement and paying for past excess usage, Customer will reimburse Sophos all reasonable and demonstrable costs of the audit. 11.9 United States Government Users; Non-Waiver of Government Immunity. (a) The Product and Documentation are considered “commercial computer software” and “commercial computer software documentation” for the purposes of FAR 12.212 and DFARS 227.7202, as amended, or equivalent provisions of agencies that are exempt from the FAR or that are U.S. state or local government agencies. Any use, modification, reproduction, release, performance, display, or disclosure of the Product by the U.S. Government and U.S. state and local government agencies will be governed solely by this Agreement, and except as otherwise explicitly stated in this Agreement, all provisions of this Agreement shall apply to the U.S. Government and U.S. state and local government agencies. (b) If Customer is a federal, state, or other governmental instrumentality, organization, agency, institution, or subdivision, the limitations of liability and Customer’s indemnity obligations herein shall apply only in the manner and to the extent permitted by applicable law, and without waiver of Customer’s constitutional, statutory, or other immunities, if any. 11.10 Governing Law and Jurisdiction. 
If the Customer that has purchased access and use of the Product is located in the United States of America, Canada, or Latin America, this Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, U.S.A., notwithstanding its conflicts of law principles, and all claims arising out of or relating to this Agreement or the Product shall be brought exclusively in the federal or state courts located in the Commonwealth of Massachusetts, U.S.A. The parties waive any right to a jury trial in any litigation arising out of or relating to this Agreement or the Product. For any other country, this Agreement shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of laws principles, and all claims arising out of or relating to this Agreement or the Product shall be brought exclusively in the courts of England and Wales. The parties agree that the UN Convention on Contracts for the International Sale of Goods (CISG, Vienna, 1980) shall not apply to this Agreement. 11.11 Survival. The following sections, together with any other terms necessary for the interpretation or enforcement of this Agreement, will survive termination or expiration of this Agreement: 1 (Definitions), 4.5 (Confidentiality) for five (5) years, 4.6 (Usage Data and Threat Intelligence Data), 5 (Ownership Rights), 6 (Fees, Payment and Taxes), 7 (Warranties; Disclaimers; Limitation of Liability), 8 (Indemnification), 9.3 (Effect of Termination), 9.4 (Customer Content upon Termination), and 11 (General). 11.12 Independent Parties. Sophos and Customer are independent contractors, and nothing in this Agreement will create a partnership, joint venture, agency, franchise, sales representative, or employment relationship between the parties. 11.13 Entire Agreement. 
If Sophos and Customer have signed a separate written agreement covering access and use of the Product, the terms of such signed agreement will take precedence over any conflicting terms of this Agreement. Otherwise, this Agreement, the Service Description (where applicable), the Schedule, the Licensing Guidelines, and the documents and policies referenced herein constitute the entire agreement between the parties with respect to the Product and supersede all prior or contemporaneous oral or written communications, agreements or representations with respect to the Product. The Service Description is incorporated by reference into this Agreement if Customer’s purchase and use of the Service is described in the Service Description. If there are any inconsistencies between the English language version of this Agreement and any translated version, the English language version shall prevail. Revision Date: 17 January 2022