RFI Enterprises, Inc. 6/20/2023 - Laserfiche WebLink

Agreement No. 351-2203909 Managed Services Subscription Agreement (03.26.20) Page 2 of 12 This document and any attachments are for the sole use of the intended recipients and contain confidential and proprietary information. Any unauthorized use, disclosure or distribution of this document or its attachments is prohibited. RFI may process in the course of performing the Managed Services. “SDI” means Subscriber’s system and device information transmitted for purposes of use and performance of the Services. 4. Data Security and Confidentiality. a. RFI and Subscriber each will (i) maintain throughout the Subscription Period best practices, industry-appropriate technical and organizational measures, in compliance with applicable laws (including without limitation Data Protection Laws), to protect against Data Breach all Confidential Information which it respectively collects, stores, transports, transmits or processes (or exposes for collection, processing, transporting, transmission or processing) by or in connection with the Managed Services; and (ii) promptly notify the other of any suspected or discovered Data Breach and provide all commercially reasonable cooperation and assistance to the other to investigate, mitigate and remediate it. RFI also will provide Subscriber all commercially reasonable assistance required by Subscriber to enable Subscriber to respond to, comply with or otherwise resolve any request, question or complaint received by Subscriber from any applicable data protection authority or from any living individual whose Personal Information is processed by RFI or the Service on behalf of Subscriber, at RFI’s expense in the case if a Data Breach caused by RFI’s negligence or breach of any Data Protection Laws. b. Without qualification of Section 4(a), each party (as “Recipient”) shall take all necessary precautions to keep secure and confidential all Confidential Information received from the other party (as “Discloser”); refrain from using Confidential Information except for purposes of performing its duties and exercising its rights under this Agreement; disclose the Confidential Information only to Recipient’s staff, professional advisers and subcontractors, on a “need to know” basis for such purposes, who are subject to obligations of confidentiality in relation to such Confidential Information which are no less stringent than the Recipient’s obligations of confidentiality under this Agreement; and refrain from disclosing it to any other person outside the Recipient’s organization without the prior written agreement of the Discloser. c. Section 4(b) shall not impair Recipient’s right to use and disclose otherwise Confidential Information that: (i) Recipient possessed without an obligation of confidence before receiving it from Discloser; (ii) Recipient developed or had developed for it independently without violation of Section 4(b); (iii) Recipient obtains from a third party who has no obligation of confidence as to it; (iv) becomes publicly available through no breach of this Agreement; or (v) Recipient is required to disclose by order of a court or by a government body or agency or by the listing rules of any stock exchange, provided Recipient shall notify Discloser of the requirement, sufficiently promptly (if commercially feasible) for Discloser to have the opportunity to seek a protective order. 5. Data Authorization; Appropriate Use. a. Subject to Section 4, Subscriber authorizes RFI to access SDI as necessary for performance of the Managed Services. RFI will process SDI only for the purpose of providing the Managed Services in accordance with Subscriber’s documented instructions and applicable Data Protection Laws, and shall maintain its confidentiality in accordance with Subscriber’s instructions and as required for that purpose or by law. For such purposes, RFI may employ subcontractors for cloud infrastructure, hosting and data analysis functions, who shall be bound by restrictions at least as strict as those set forth herein, and for whose acts, errors or omissions RFI shall remain responsible to Subscriber. RFI may collect and use anonymized and aggregated analytical information for statistical and business purposes including service improvement. c. RFI, reserves all of its respective current and future intellectual property rights in the Managed Services not explicitly granted herein. Subscriber shall not assert any right, title or interest in or to those of the other or any derivative works thereof. No license, title, ownership interest or other rights therein are granted other than the access and use rights expressly granted. Subscription is non-exclusive and non-transferable. Subscriber shall not without prior express, written permission of RFI, (i) license, sublicense, sell, resell, transfer, assign, distribute or otherwise commercially exploit or make available to any third party any element of the Services in any way; or (ii) “frame” or “mirror” any content from the Services on any server or wireless or internet-based device. Subscriber shall not modify, translate, reverse engineer, disassemble or decompile any software or agents furnished by RFI, except to the extent such actions cannot be prohibited under applicable law. c. In the case of Managed Services including Viakoo, the authorizations and reservations of rights set forth in Sections 5(a) and (b) also shall extend to Viakoo. d. Subscriber shall not use the Managed Services in any manner not in accordance with their intended uses or violate or attempt to violate or circumvent their security procedures. Subscriber shall immediately notify RFI of any unauthorized use of Subscriber’s account or any other breach of security that is known to or suspected by Subscriber relative to the Service. In case any Personal Information may be processed in the course of the Managed Services, Subscriber shall comply with all applicable Data Protection Laws, including maintaining a privacy policy that permits such processing, ensuring it has all necessary rights