SOPHOS SERVICES AGREEMENT FOR THIRD-PARTY MARKETPLACE THIS SOPHOS SERVICES AGREEMENT FOR THIRD-PARTY MARKETPLACE ("AGREEMENT") BETWEEN CUSTOMER AND SOPHOS LIMITED ("SOPHOS") GOVERNS CUSTOMER'S ACCESS AND USE OF THE SERVICE AND IS A LEGALLY BINDING AND ENFORCEABLE CONTRACT. BY CLICKING A BOX INDICATING ACCEPTANCE OR AGREEMENT, OR BY ACCESSING OR USING THE SERVICE, CUSTOMER AGREES TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF THE INDIVIDUAL ACCEPTING THE TERMS AND CONDITIONS OF THIS AGREEMENT IS ACCEPTING ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, SUCH INDIVIDUAL REPRESENTS THAT S/HE HAS THE AUTHORITY TO BIND SUCH ENTITY TO THIS AGREEMENT. 1. DEFINITIONS 1.1 "Affiliate" means, with respect to each party, an entity that controls, is controlled by, or is under common control with such party. For the purposes of this definition, "control" means the beneficial ownership of more than fifty percent (50%) of the voting power or equity in an entity. 1.2 "Beta Service" means any Service (or portion of a Service) or Service Software that Sophos identifies as beta, pre-release, early access, or preview, and that is made available to Customer during the Subscription Term but not made generally available for use. 1.3 "Cloud Service" means Sophos Cloud Optix. 1.4 "Confidential Information" means any non-public, confidential, or proprietary information of the disclosing party that is clearly marked confidential or reasonably should be assumed to be confidential given the nature of the information and the circumstances of disclosure. 1.5 "Customer" means the company or legal entity that: (a) has agreed to this Agreement with respect to the Service; and/or (b) subscribes to the Service through the Customer Cloud Account. 1.6 "Customer Cloud Account" means Customer's active account on a Third-Party Marketplace used to subscribe to the Service and receive invoices for access and use of the Service. 1.7 "Customer Content" means all software, data (including Personal Data), non-Sophos or third-party applications, and any other content, communications or material, in any format, provided by Customer or User to Sophos in connection with Customer's access and use of the Service. 1.8 "Documentation" means any online help content, user manuals, or similar materials pertaining to the implementation, operation, access, and use of the Service that are made available by Sophos, as may be revised by Sophos from time to time. 1.9 "Managed Security Service" means a service where Sophos manages Customer's IT infrastructure or cybersecurity posture in accordance with and as described in the applicable Service Description. 1.10 "Offer Details" means the pricing and other terms applicable to a Subscription as published in the Third-Party Marketplace and modified by Sophos from time to time. 1.11 "Personal Data" means any information relating to an identified or identifiable individual or that is otherwise defined as "personal data", "personal information", or "personally identifiable information" under applicable data protection laws. 1.12 "Sanctions and Export Control Laws" means any law, regulation, statute, prohibition, or similar measure applicable to the Service and/or to either party relating to the adoption, application, implementation, and enforcement of economic sanctions, export controls, trade embargoes, or any other restrictive measures, including, but not limited to, those administered and enforced by the European Union, the United Kingdom, and the United States, which shall be considered applicable to the Service. 1.13 "Service" means a Managed Service, Cloud Service, Beta Service, or Trial Service that Customer is authorized to access and use under the terms of this Agreement, or any other Sophos offering(s) made available for purchase and use through the Third-Party Marketplace, including any applicable support and maintenance services, and associated Service Software and Documentation. 1.14 "Service Description" means Sophos's description of a Managed Service's features, including, but not limited to, any additional Service-specific terms and requirements available at https://www.sophos.com/en-us/legal.aspx. 1.15 "Service Software" means any software agent, application, or tool made available by Sophos for Customer's use in connection with a Service, including any updates and upgrades. 1.16 "Subscription" means an enrollment for the Service through a Third-Party Marketplace. 1.17 "Third-Party Marketplace" means the software/service marketplace operated by a third-party where Sophos lists the Service. 1.18 "Third-Party Services" has the meaning set forth in Section 3.3 below. 1.19 "Trial Service" has the meaning set forth in Section 2.4 below. 1.20 "Trial Service Term" has the meaning set forth in Section 2.4 below. 1.21 "Usage Data" means any diagnostic and usage-related information from the use, performance and operation of the Service, including, but not limited to, type of browser, Service features, and systems that are used and/or accessed, and system and Service performance-related data. 1.22 "User" means Customer's and its permitted Affiliates' employees, contractors, and similar personnel authorized by Customer or its Affiliates to access and use the Service on such entity's behalf. 2. SERVICE USE AND RESTRICTIONS 2.1 Right to Access and Use. Subject to Customer's compliance with the terms of this Agreement, Sophos grants Customer a non-exclusive, non-transferable, worldwide right to access and use the Service solely for Customer's internal information security purposes. Customer may permit its Affiliates and Users to use the Service in accordance with this Agreement, provided that Customer remains fully responsible and liable for their use of the Service and compliance with the terms and conditions of this Agreement. 2.2 Restrictions. Except as specifically permitted in this Agreement, Customer will not (and will not allow an Affiliate, User, or third party to), directly or indirectly: (a) sublicense, resell, rent, lease, distribute, market, commercialize, or otherwise transfer rights to, or usage of, all or any portion of the Service, or provide the Service on a timesharing, service bureau, or other similar basis; (b) modify, adapt, translate, create derivative works of, reverse engineer, decompile, disassemble, or otherwise attempt to derive the source code of, any part of the Service; (c) remove, alter, or obscure any proprietary rights notices contained in or affixed to the Service; (d) attempt to gain unauthorized access to the Service; (e) attempt to disrupt, degrade, impair, or violate the integrity, security, or performance of the Service, including, without limitation, by executing any form of network monitoring; (f) use the Service to store, transmit, or propagate any viruses, software routines, or other code designed to permit unauthorized access, to disable, erase or otherwise harm software, hardware or data, or to perform any other harmful actions; (g) take any action that imposes or may impose an unreasonable or disproportionately large load on Sophos's infrastructure, as determined by Sophos in its sole discretion; (h) disable or circumvent any monitoring or billing mechanism related to the Service; or (i) access or use the Service in a manner that violates applicable law or regulation, infringes third party rights, or violates the terms and conditions of this Agreement. 2.3 Trial Services and Beta Services. (a) If a free trial or evaluation of a Service ("Trial Service") is available in the Third-Party Marketplace and approved by Sophos, Customer may access and use the Trial Service for thirty (30) days or such other duration specified by Sophos in writing ("Trial Service Term"). (b) From time to time, Sophos may invite Customer to try a Beta Service, for a period specified by Sophos and at no charge, which Customer may accept or decline in Customer's sole discretion. Customer will comply with testing guidelines that Sophos provides in connection with Customer's use of a Beta Service and will make reasonable efforts to provide Feedback in accordance with Section 5.3. Sophos may discontinue a Beta Service at any time in its sole discretion and may not make it generally available. (c) Trial Services and Beta Services are provided for internal testing and evaluation solely for Customer's own internal information security purposes. (d) TRIAL SERVICES AND BETA SERVICES ARE PROVIDED "AS IS" WITHOUT ANY SUPPORT, INDEMNITY, LIABILITY OR REMEDY OF ANY KIND. TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF TRIAL SERVICES OR BETA SERVICES. (e) The terms of this Section 2.4 apply, and prevail over any conflicting terms in this Agreement, with respect to all access and use of Trial Services or Beta Services. 2.4 Modifications to Service and Agreement. Sophos may modify or update the Service from time to time without materially reducing or degrading its overall functionality. Sophos may modify the terms of this Agreement from time to time by posting a modified version on the Service listing page on the Third-Party Marketplace or by notifying Customer in accordance with Section 11.2 ("Notice"). All modifications to this Agreement that are required by law, regulation, court order, or guidance from a government regulator will be effective immediately upon posting or notice to Customer, and by continuing to use the Service after the date of such posting or notice, Customer will be bound by the modified terms. All other modifications to the terms of this Agreement will be effective upon the earlier of (a) the renewal date of an existing Subscription, or (b) thirty (30) days after the date that Sophos posts or provides notice of the modified terms. 2.5 Service Software. If Sophos provides Service Software, Customer may use it only: (a) during the Subscription Term, or applicable Trial Service Term or Beta Service term; and (b) in compliance with the Sophos End User License Agreement located at https://www.sophos.com/en-us/legal/sophos-end-user-license-agreement.aspx and in conjunction with the Service. 2.6 Support. Sophos will provide the technical support specified in the applicable Offer Details or Documentation during Customer's Subscription. Technical support packages are described at: https://www.sophos.com/en-us/support/technical-support.aspx. From time to time, Sophos performs scheduled maintenance to update the servers, software, and other technology that are used to provide the Service and will use commercially reasonable efforts to provide prior notice of such scheduled maintenance. Customer acknowledges that, in certain situations, Sophos may need to perform emergency maintenance of the Service without providing prior notice. 3. CUSTOMER OBLIGATIONS 3.1 Access and Use. Customer is solely responsible for: (a) accessing and using the Service in accordance with the Documentation; (b) determining the suitability of the Service for Customer's internal information security purposes; (c) configuring the Service appropriately; (d) complying with any regulations and laws (including, without limitation, export, data protection, and privacy laws) applicable to Customer Content and Customer's use of the Service; (e) Customer's and User's access and use of the Service; (f) all activity occurring under Customer's Service and support accounts; (g) providing all reasonable information and assistance required for Sophos to deliver the Service or enable Customer's or User's access and use of the Service; (h) using reasonable means to protect the account information and access credentials (including passwords and devices or information used for multi-factor authentication purposes) used by Customer and Users to access the Service; and (i) promptly notifying Sophos of any unauthorized account use or other suspected security breach, or unauthorized use, copying, or distribution of the Service or Customer Content. 3.2 Accuracy of Information. Customer agrees to provide complete and accurate Customer and User identification information in connection with access and use of the Service, including but not limited to providing reasonable Customer and User contact details and information upon Sophos's or Third-Party Marketplace's request. 3.3 Third-Party Services. The Service may enable or require Customer to associate its Service account with, link to, or otherwise access, third parties' websites, platforms, content, products, services, or information ("Third-Party Services"). Third-Party Services are not part of the Service, and Sophos does not control and is not responsible for the Third-Party Services. Customer is solely responsible for: (a) obtaining and complying with any terms of access and use of the Third-Party Services, including any separate fees or charges imposed by the provider of the Third-Party Services; and (b) configuring the Third-Party Services appropriately. Sophos disclaims all responsibility and liability arising from or related to Customer's access or use of the Third-Party Services, including any impact on Service capabilities as a result of Customer's use of, or reliance upon, the Third-Party Services. 4. CUSTOMER CONTENT; PRIVACY & SECURITY; CONFIDENTIALITY 4.1 Customer Content. Customer is solely responsible for all Customer Content, including but not limited to its accuracy, quality, and legality. Customer represents and warrants that it: (a) has the legal rights to provide Customer Content to Sophos; (b) has provided any required notices and has obtained any consents and/or authorizations (including any required from Users) related to its access and use of the Service and processing of Customer Content by Sophos; and (c) will comply with all applicable laws and regulations for collecting and processing Customer Content, and transferring Customer Content to Sophos. Customer is responsible for taking and maintaining appropriate steps to protect the confidentiality, integrity, and security of Customer Content, including but not limited to: (i) controlling access that Customer provides to Users; and (ii) backing up Customer Content. 4.2 Use of Customer Content by Sophos. Customer grants Sophos a non-exclusive, worldwide, royalty-free license to access and use the Customer Content to perform its obligations (including to provide the Service) and exercise its rights under this Agreement. 4.3 Protection of Customer Content by Sophos. Sophos will maintain appropriate administrative, physical, and technical measures designed to protect the security, confidentiality, and integrity of Customer Content processed by Sophos. The Data Processing Addendum ("DPA") located at https://www.sophos.com/en-us/legal/data-processing-addendum.aspx is incorporated by reference into this Agreement if the provision of Service constitutes any "processing" by Sophos of any "personal data" within the Customer Content, but only to the extent such processing falls within the scope of "Applicable Data Protection Laws" (each term as defined in the DPA). In the event of any conflict between the terms of the DPA and this Agreement, the terms of the DPA will take precedence. 4.4 Content Restrictions. If Customer's access and use of the Service requires Customer to comply with industry-specific data security or data protection obligations, Customer will be solely responsible for such compliance. Customer may not use the Service in a way that would subject Sophos to those industry-specific regulations without obtaining Sophos' prior written agreement. 4.5 Confidentiality. (a) Each party acknowledges that it and its Affiliates ("Disclosing Party") may have access to Confidential Information of the other party and its Affiliates ("Receiving Party") in connection with this Agreement. The Receiving Party will use the same degree of care that it uses to protect the confidentiality of its own Confidential Information of like kind (but not less than reasonable care). The Receiving Party agrees to (i) not use any Confidential Information for any purpose other than to perform its obligations and exercise its rights under this Agreement, and (ii) restrict dissemination of Confidential Information only to individuals or third parties with a "need to know" such information and who are under a substantially similar duty of confidentiality. A Receiving Party may disclose the Disclosing Party's Confidential Information in any legal proceeding or as required as a matter of applicable law or regulation (such as in response to a subpoena, warrant, court order, governmental request, or other legal process); provided, however, that to the extent permitted by applicable law, the Receiving Party will (1) promptly notify the Disclosing Party before disclosing the Disclosing Party's Confidential Information; (2) reasonably cooperate with and assist the Disclosing Party, at the Disclosing Party's expense, in any efforts by the Disclosing Party to contest the disclosure; and (3) disclose only that portion of the Disclosing Party's Confidential Information that is legally required to be disclosed. (b) Notwithstanding the above, a Disclosing Party's Confidential Information will not include information that: (i) is or becomes a part of the public domain through no act or omission of the Receiving Party; (ii) was in the Receiving Party's lawful possession prior to the disclosure by the Disclosing Party and had not been obtained by the Receiving Party either directly or indirectly from the Disclosing Party; (iii) is lawfully disclosed to the Receiving Party by a third party without restriction on the disclosure; or (iv) is independently developed by the Receiving Party without use of or reference to the Disclosing Party's Confidential Information. 4.6 Usage Data and Threat Intelligence Data. In the course of providing the Service, Sophos may collect, access, use, process, transmit, or store Usage Data for: (a) product improvement; (b) research and development purposes; and (c) deriving statistical data using information that is aggregated, anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual or to Customer or Users ("Statistical Data"). Sophos retains all intellectual property rights in such Statistical Data. Sophos may share threat intelligence data (including from Customer Content, if it is anonymized, de-identified, or otherwise rendered not reasonably associated or linked to an identifiable individual, or to Customer or Users) with selected reputable members of the IT industry for the purposes of promoting awareness of security risks, and anti-spam and security threat research. 5. OWNERSHIP RIGHTS 5.1 Customer Ownership. Except as expressly provided otherwise in this Agreement, as between Sophos and Customer, Customer retains all right, title, and interest in and to Customer Content. 5.2 Sophos Ownership. As between Sophos and Customer, Sophos retains all right, title, and interest, including all intellectual property rights, in and to the Service, including all improvements, enhancements, modifications, derivative works, logos, and trademarks. Sophos reserves all rights in and to the Service that are not expressly granted under this Agreement. 5.3 Feedback. Customer or Users may provide suggestions, enhancement or feature requests, or other feedback to Sophos with respect to the Service ("Feedback"). If Customer provides Feedback, Sophos may use the Feedback without restriction and without paying any compensation to Customer, and Customer hereby irrevocably assigns to Sophos all intellectual property rights in and to such Feedback. 6. PAYMENT; TAXES; MONITORING 6.1 Fees, Taxes, and Payment. Sophos will provide the Service in accordance with the Offer Details effective at the time of Customer's access and use of the Service. All fees are exclusive of value added tax and any other federal, state, municipal, or other governmental taxes, duties, licenses, fees, excises, or tariffs, and Customer is responsible for paying any taxes assessed based on Customer's purchases under the Agreement. Invoicing and collection of the fees and any applicable taxes by the Third-Party Marketplace is done on behalf of Sophos, and in accordance with the Third-Party Marketplace's terms and policies. Customer will timely pay the applicable fees and taxes to the Third-Party Marketplace. Fees paid by Customer are nonrefundable. 6.2 Service Monitoring. Customer acknowledges that Sophos continuously monitors the Service to: (a) track usage, (b) provide support, (c) monitor the performance, integrity, and stability of the Service's infrastructure, (d) prevent or remediate technical issues, and (e) detect and address illegal acts or violations of Section 2.2 (Restrictions). 7. WARRANTIES; DISCLAIMERS; LIMITATION OF LIABILITY 7.1 Warranties. Each party warrants to the other party that it has the requisite authority to enter into this Agreement. Sophos warrants that, during the Subscription Term, (a) it will provide the Service using commercially reasonable skill and care, and (b) the Service will materially conform to the corresponding Documentation. Customer's sole and exclusive remedy for Sophos's breach of the foregoing warranty is, at Sophos's option, either (i) repair or replacement of the Service, or (ii) a pro rata refund of the fees paid for the period in which Sophos was in breach of the foregoing warranty. This warranty is conditioned upon Customer providing Sophos prompt written notice of the Service's non-conformity and using the Service in compliance with this Agreement. 7.2 Warranty Disclaimer. EXCEPT AS EXPRESSLY STATED IN SECTION 7.1, TO THE EXTENT ALLOWED BY APPLICABLE LAW, SOPHOS EXPRESSLY DISCLAIMS ALL WARRANTIES AND CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY WARRANTY, CONDITION, OR OTHER IMPLIED TERM AS TO MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF THE SERVICE. SOPHOS MAKES NO WARRANTY OR REPRESENTATION THAT THE SERVICE: (A) WILL BE UNINTERRUPTED, COMPLETELY SECURE, ERROR-FREE, FAILSAFE, OR FREE OF VIRUSES; (B) WILL MEET CUSTOMER'S BUSINESS REQUIREMENTS OR OPERATE WITH CUSTOMER'S CURRENT SYSTEMS; OR (C) WILL IDENTIFY OR REMEDIATE ALL THREATS OR INDICATORS OF COMPROMISE. SOPHOS IS NOT RESPONSIBLE FOR ANY ISSUES RELATED TO THE PERFORMANCE, OPERATION, OR SECURITY OF THE SERVICE THAT ARISE FROM CUSTOMER CONTENT, THIRD-PARTY SERVICES, OR ANY OTHER SERVICES PROVIDED BY THIRD PARTIES. SOPHOS DISCLAIMS ANY RESPONSIBILITY OR LIABILITY FOR ANY INTERCEPTION OR INTERRUPTION OF ANY COMMUNICATIONS THROUGH THE INTERNET, NETWORKS, OR SYSTEMS OUTSIDE SOPHOS'S CONTROL. 7.3 Limitation of Liability. IN NO EVENT WILL SOPHOS OR ITS AFFILIATES BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY DAMAGES, OR ANY LOSS OF REVENUES, BUSINESS, PROFITS (IN EACH CASE WHETHER DIRECT OR INDIRECT), OR DATA IN CONNECTION WITH THIS AGREEMENT OR THE SERVICE, EVEN IF THE DAMAGES WERE FORESEEABLE OR A PARTY HAD BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. IN NO EVENT WILL THE AGGREGATE LIABILITY OF SOPHOS OR ITS AFFILIATES FOR DIRECT DAMAGES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR THE SERVICE EXCEED THE TOTAL AMOUNT PAID OR PAYABLE BY CUSTOMER UNDER THIS AGREEMENT DURING THE APPLICABLE SUBSCRIPTION TERM. THE LIMITATIONS AND EXCLUSIONS OF LIABILITY IN THIS SECTION 7.3 APPLY (A) WHETHER SUCH CLAIMS ARISE UNDER CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, STATUTE, OR OTHERWISE, AND (B) NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY REMEDY. NOTHING IN THIS AGREEMENT LIMITS OR EXCLUDES ANY LIABILITY WHICH CANNOT BE LIMITED OR EXCLUDED UNDER APPLICABLE LAW. 8. INDEMNIFICATION 8.1 Indemnification by Customer. Customer will indemnify, defend, and hold harmless Sophos, its Affiliates, and their officers, directors, employees, contractors, and agents against any claims, liabilities, and expenses (including court costs and reasonable attorneys' fees) that are incurred as a result of or in connection with: (a) Customer Content, including without limitation Customer's failure to follow applicable laws, obtain all necessary consents related to Customer Content, or comply with Section 4.4 (Content Restrictions); (b) Customer's access or use of the Service in a manner not expressly permitted by this Agreement; (c) Customer's violation of any third party rights; (d) Customer's violation of applicable laws or regulations; or (e) any work product created in reliance on the Service and use of such work product by Customer or a third party. 8.2 Indemnification Procedures. Sophos will: (a) promptly notify Customer in writing of any indemnifiable claim; (b) give Customer all reasonable assistance, at Customer's expense; and (c) give Customer sole control of the defense and settlement of the claim. Any settlement of a claim will not include a specific performance obligation, or an admission of liability by Sophos, without Sophos's consent. Sophos may join in the defense of an indemnifiable claim with counsel of its choice at its own expense. 9. TERM AND TERMINATION 9.1 Term. This Agreement will become effective as of the Subscription date and will continue in effect until terminated by Customer or Sophos in accordance with the Agreement ("Term"). 9.2 Termination for Convenience. Customer may terminate this Agreement at any time during its Term by canceling the Subscription on the Third-Party Marketplace; however, Customer must pay all outstanding amounts owed before the termination is effective. Sophos may terminate this Agreement at any time by giving Customer at least thirty (30) days' prior notice. 9.3 Termination or Suspension of Service. Either party may terminate this Agreement if the other party materially breaches its obligations hereunder and does not cure the breach within thirty (30) days after receipt of written notice of the breach. Sophos may immediately suspend Customer's or User's access and use of the Service, or portions of the Service, if: (a) Sophos believes there is a significant threat to the functionality, security, integrity, or availability of the Service to Customer or to other customers; (b) Customer accesses or uses the Service in violation of Section 2.2 (Restrictions); (c) Customer fails to pay the fee for access and use of the Service (as applicable) in accordance with the agreed payment terms; (d) Sophos reasonably believes that Customer is violating or has violated Sanctions and Export Control Laws and/or the provisions of Section 10.1 (Export Compliance) in connection with access and use of the Service; or (e) Customer no longer has an active Customer Cloud Account. Any Service suspension under this Section shall not excuse Customer's payment obligations under this Agreement. Customer acknowledges that, pursuant to the Third-Party Marketplace's terms and policies, the Third-Party Marketplace may suspend or terminate the Customer Cloud Account, which will suspend or terminate Customer's access to, and use of, the Service. Sophos will not be liable to Customer in any manner for any suspension or termination of the Customer Cloud Account by the Third-Party Marketplace. 9.4 Effect of Termination. Upon termination or expiration of this Agreement: (a) all Customer rights under this Agreement relating to the Service will immediately terminate; (b) Customer is no longer authorized to access the Service; and (c) Customer must remove the Service from the Customer Cloud Account. 9.5 Customer Content upon Termination. After termination or expiration of this Agreement, Customer agrees that Sophos has no obligation to Customer to retain Customer Content, which may thereafter be permanently deleted by Sophos. Sophos will protect the confidentiality of Customer Content residing in the Service for as long as such information resides in the Service. 10. EXPORT CONTROL; COMPLIANCE WITH LAWS 10.1 Export Compliance. Customer is solely responsible for ensuring that the Service is used, accessed, and disclosed in compliance with Sanctions and Export Control Laws. Customer certifies that Customer or Users, or any party that owns or controls Customer or Users, are not (a) ordinarily resident in, located in, or organized under the laws of any country or region subject to economic or financial trade sanctions or trade embargoes imposed, administered, or enforced by the European Union, the United Kingdom, or the United States; (b) an individual or entity on the Consolidated List of Persons, Groups, and Entities Subject to European Union Financial Sanctions; the U.S. Department of the Treasury's List of Specially Designated Nationals and Blocked Persons or Foreign Sanctions Evaders List; the U.S. Department of Commerce's Denied Persons List or Entity List; or any other sanctions or restricted persons lists maintained by the European Union, the United Kingdom, or the United States; or (c) the target or subject of any Sanctions and Export Laws. Customer further certifies that it and Users will not, directly or indirectly, export, re-export, transfer, or otherwise make available (i) the Service, or (ii) any data, information, software programs, and/or materials resulting from the Service (or direct product thereof) to any person described in (a) through (c) or in violation of, or for any purpose prohibited by, Sanctions and Export Control Laws, including for proliferation-related end uses. Customer agrees that Sophos has no obligation to provide the Service where Sophos believes the provision of the Service could violate Sanctions and Export Control Laws. Further details are available at https://www.sophos.com/en-us/legal/export.aspx. 10.2 Compliance with Laws. Each party agrees to comply with all laws applicable to the actions and obligations contemplated by this Agreement. Each party warrants that, during the term of this Agreement, neither party nor any of its officers, employees, agents, representatives, contractors, intermediaries, or any other person or entity acting on its behalf has taken or will take any action, directly or indirectly, that contravenes (a) the United Kingdom Bribery Act 2010, (b) the United States Foreign Corrupt Practices Act 1977, or (c) any other applicable anti-bribery laws or regulations anywhere in the world. 11. GENERAL 11.1 Assignment. Customer may not sublicense, assign, or transfer its rights or obligations under this Agreement without Sophos's prior written consent. Sophos may in its sole discretion assign, novate, subcontract, or otherwise transfer any of its rights or obligations hereunder. 11.2 Notice. Sophos may provide Customer with notice by sending a message to the email address associated with the Customer Cloud Account. When requested by Sophos, Customer will direct the applicable Third-Party Marketplace to provide such email address to Sophos. All notices to Sophos concerning this Agreement should be addressed to The Legal Department, Sophos Limited, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, United Kingdom with a copy to legalnotices@sophos.com. 11.3 Waiver. Failure by either party to enforce any term or condition of this Agreement will not be construed as a waiver of any of its rights under it. 11.4 Severability. If any provision of the Agreement is held to be invalid or unenforceable, the remaining provisions of the Agreement will remain in force to the fullest extent permitted by law. 11.5 Force Majeure. Neither party will be liable to the other for any delay or failure to perform hereunder, except for Customer's payment obligations, due to circumstances beyond such party's reasonable control, including acts of God, acts of government, flood, fire, earthquakes, civil unrest, acts of terror, strikes or other labor problems, or other industrial disturbances, systemic electrical, telecommunications, or other utility failures. 11.6 Community Forum. Customer and other Sophos customers may exchange ideas and technical insight related to Sophos offerings in the Sophos Community site at https://community.sophos.com/. Sophos does not endorse, warrant, or guarantee any information posted on that site, and Customer alone assumes the risk of using any such information. 11.7 United States Government Users; Non-Waiver of Government Immunity. (a) The Service and Documentation are considered "commercial computer software" and "commercial computer software documentation" for the purposes of FAR 12.212 and DFARS 227.7202, as amended, or equivalent provisions of agencies that are exempt from the FAR or that are U.S. state or local government agencies. Any use, modification, reproduction, release, performance, display, or disclosure of the Service by the U.S. Government and U.S. state and local government agencies will be governed solely by this Agreement, and except as otherwise explicitly stated in this Agreement, all provisions of this Agreement shall apply to the U.S. Government and U.S. state and local government agencies. (b) If Customer is a federal, state, or other governmental instrumentality, organization, agency, institution, or subdivision, the limitations of liability and Customer's indemnity obligations herein shall apply only in the manner and to the extent permitted by applicable law, and without waiver of Customer's constitutional, statutory, or other immunities, if any. 11.8 Governing Law and Jurisdiction. If Customer is located in United States of America, Canada, or Latin America, this Agreement shall be governed by and construed in accordance with the laws of the Commonwealth of Massachusetts, U.S.A notwithstanding its conflicts of law principles, and all claims arising out of or relating to this Agreement or the Service shall be brought exclusively in the federal or state courts located in the Commonwealth of Massachusetts, U.S.A. The parties waive any right to a jury trial in any litigation arising out of or relating to this Agreement or the Service. If Customer is located in any other country, this Agreement shall be governed by and construed in accordance with the laws of England and Wales, without regard to conflict of laws principles, and all claims arising out of or relating to this Agreement or the Service shall be brought exclusively in the courts of England and Wales. The parties agree that the UN Convention on Contracts for the International Sale of Goods (CISG, Vienna, 1980) shall not apply to this Agreement. 11.9 Survival. The following sections, together with any other terms necessary for the interpretation or enforcement of this Agreement, will survive termination or expiration of this Agreement: 1 (Definitions), 4.5 (Confidentiality) for five (5) years, 4.6 (Usage Data and Threat Intelligence Data), 5 (Ownership Rights), 6 (Payment; Taxes: Monitoring), 7 (Warranties; Disclaimers; Limitation of Liability), 8 (Indemnification), 9.3 (Effect of Termination), 9.5 (Customer Content upon Termination), and 11 (General). 11.10 Independent Parties. Sophos and Customer are independent contractors, and nothing in this Agreement will create a partnership, joint venture, agency, franchise, sales representative, or employment relationship between the parties. 11.11 Entire Agreement. This Agreement, the Offer Details, and the documents and policies referenced herein constitute the entire agreement between the parties with respect to the Service and supersede all prior or contemporaneous oral or written communications, agreements or representations with respect to the Service. If there are any inconsistencies between the English language version of this Agreement and any translated version, the English language version shall prevail. Revision Date: January 29, 2020