Terms of Service

Thank you for using GetSwift. These terms of service (the “Terms”) govern your access to and use of the sites and services (“Services") provided by GetSwift Limited, ACN: 604 611 556 and its subsidiaries (GetSwift” “we” or “our”). Please read them carefully before using the Services.

By using the Services you are agreeing to these Terms. If you are using the Services on behalf of an organization, you are agreeing to these Terms for that organization and representing that you have the authority to bind that organization to these Terms. In that case, “you” and “your” will refer to that organization.

You may use the Services only in accordance with these Terms. You may use the Services only if you have the legal power and capacity to form a contract with GetSwift. The Services will continue to evolve as we refine features and functionality. We may terminate, suspend, or modify the Services, in general or with respect to you, from time to time without cause or prior notice. We may also delete any content or data from the Services at our discretion.

We may also update these Terms at any time and from time to time.  Your continued use of the Services following any such update will be taken as confirmation of your acceptance of such updates.

All documents and information on the GetSwift website are protected by copyright. Except as specifically permitted herein, no portion of the documents or information on this website may be reproduced in any form or by any means without the express written consent of GetSwift.

Content and Liability Disclaimer

GetSwift shall not be responsible for any errors or omissions contained on any GetSwift website and reserves the right to make changes at anytime without notice. Mention of non-GetSwift products or services is provided for informational purposes only and constitutes neither an endorsement nor a recommendation by GetSwift. All GetSwift and third-party information provided on any GetSwift website is provided on an “as is” basis.

GETSWIFT DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, WITH REGARD TO ANY INFORMATION (INCLUDING ANY SOFTWARE, PRODUCTS, OR SERVICES) PROVIDED ON ANY GETSWIFT WEBSITE, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

Some jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not apply to you.

In no event shall GetSwift be liable for any damages whatsoever, and in particular GetSwift shall not be liable for direct, special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue or loss of use, cost of replacement goods, loss or damage to data arising out of the use or inability to use any GetSwift website, any GetSwift product or service. This includes damages arising from use of or in reliance on the documents or information present on any GetSwift website (including any information posted or placed by anyone other than GetSwift), even if GetSwift has been advised of the possibility of such damages.

Release of Information For Legal and Other Reasons

We may release information concerning your use of the website as required by law and when we believe in good faith that such release is appropriate to protect our rights and/or comply with a judicial proceeding, court order or legal process served on us or the website.  We may also provide information as necessary or advisable for regulatory or other compliance requirements or for us to be able to identify our clients for regulatory disclosure purposes or otherwise for investor presentations and general information.

License to Use Our Services

Subject to these Terms, we grant to you a limited, non-exclusive, non-transferable license to use our Services for your internal use and not for resale or further distribution. Your right to use our Services is limited by all terms and conditions set forth in these Terms. Except for this license granted to you, we retain all right, title and interest in and to all material that appears on our websites or that is used in our Services, including all related intellectual property rights. Such material is protected by applicable intellectual property laws, including United States copyright law and international treaties.

Except as otherwise explicitly provided in these Terms or as may be expressly permitted by applicable law, you will not, and will not permit or authorize any third party to: (i) reproduce, modify, translate, enhance, decompile, disassemble, reverse engineer or create derivative works of any of our material; (ii) rent, lease or sublicense access to any of our material; or (iii) circumvent or disable any security or technological features or measures related to such material.

Certain of our Services are provided at no cost and certain Services are subject to various fees. The pricing for the Services can be found at getswift.co/pricing, are based on usage and are non-refundable.

The fees for the pricing tiers, as well as telephony charges incurred, will be billed to your credit card and you authorize the card issuer to pay any amounts set forth herein and authorize GetSwift (or our billing agent) to charge your credit card account until you or we cancel or terminate your pricing tier; provided that if payment is not received from your credit card issuer, you agree to pay all amounts due upon demand. You must provide current, complete and accurate billing and credit card information. You agree to pay all costs of collection, including attorney's fees and costs, on any outstanding balance. In certain instances, the issuer of your credit card may charge you a foreign transaction fee or related charges, which you will be responsible to pay.

You will be responsible for payment of any applicable sales, use and other taxes and all applicable export and import fees, customs duties and similar charges (other than taxes based on GetSwift income), and any related penalties and interest for the grant of access rights hereunder, or the delivery of related services. You will make all required payments to GetSwift free and clear of, and without reduction for, any withholding taxes. Any such taxes imposed on payments to GetSwift will be your sole responsibility, and you will, upon GetSwift request, provide GetSwift with official receipts issued by appropriate taxing authorities, or such other evidence as GetSwift may reasonably request, to establish that such taxes have been paid. GetSwift has a ‘no refund’ policy, but any account credit requests will be considered and processed on a case by case basis.

Access to Our Services

We do not provide you with the equipment to access our Services. You are responsible for all fees charged by third parties related to your access and use of our Services (e.g., charges by Internet service providers).

We reserve the right to modify or discontinue, temporarily or permanently, all or any portion of our Services without notice. We will not be liable to you or to any third party for any modification, suspension, or discontinuance of all or any portion of our Services.

We also reserve the right, in our sole discretion, to reject, refuse to post, or remove any material that you post or submit for posting, and to restrict, suspend, or terminate your access to our Services at any time, for any or no reason, with or without prior notice, and without liability.

Restrictions

You must comply with all applicable laws when using our Services. Except as may be expressly permitted by applicable law, or as GetSwift may authorize expressly in writing, you will not, and will not permit anyone else to: (i) store, copy, modify, distribute, or resell any of the information; audio, visual, and audiovisual works, or other content made available on our Services (collectively, “Service Content”) or compile or collect any Service Content as part of a database or other work; (ii) use any automated tool (e.g., robots, spiders) to access or use our Services or to store, copy, modify, distribute, or resell any Service Content; (iii) rent, lease, or sublicense your access to our Services to another person; (iv) use any Services or Service Content for any purpose except for your own internal use; (v) circumvent or disable any digital rights management, usage rules, or other security features of our Services; (vi) use our Services in a manner that overburdens, or that threatens the integrity, performance, or availability of, our Services; or (vii) remove, alter, or obscure any proprietary notices (including copyright and trademark notices) on any portion of our Services or any Service Content.

Privacy Policy

Our Services are designed to allow you to assign tasks to field workers, communicate with your field workers and customers (“Users”), and view information pertaining to your field workers’ activity. GetSwift does this in part using GPS and other sensors on devices running GetSwift applications. Some information is automatically collected from or about your Users and field workers when you use our Services and may include, for example, geographic coordinates, phone numbers, names, and addresses.

You agree to comply with all applicable privacy and data protection regulations. Further, you agree to not use our service to send us sensitive information where unauthorized disclosure could cause material, severe, or catastrophic harm or impact to GetSwift, any data subjects or relying parties. Sensitive Information includes:

  • Passwords, authentication/authorization credentials

  • Information under strict regulatory or contractual handling requirements (e.g., PCI, HIPAA, and state and federal data security laws) including:

    • Credit Card Information including credit card numbers, CIV numbers (three digit codes for Visa and MasterCard, four digit code for American Express) and magnetic stripe information

    • Social Security Numbers

    • Drivers License Numbers

    • Passport Numbers

    • Government Issued Identification Numbers

    • Financial Account Information

    • Health data

    • Biometric data

    • Personally identifiable information knowingly collected from children under the age of 13 or from online services directed toward children and

    • Real time geolocation data which can identify an individual.

  • Business secrets deemed highly confidential (e.g., highly-confidential business strategies and communications, sensitive attorney-client privileged and confidential communications).

We collect, store, and use your User data on our servers to provide you with the ability to better maintain and improve our Services. We may also use data in an aggregated form for our own purposes. Our Services transfer data to servers that store User data in the U.S. and outside the U.S. We only share User information with others as contemplated by these Terms and otherwise under special circumstances as follows:

  • With third parties who work on our behalf to provide our Services;

  • To comply with laws or to respond to lawful requests and legal process (provided that GetSwift will endeavor to notify you if GetSwift has received a lawful request for your information);

  • To protect the rights and property of GetSwift, our agents, customers, and others including to enforce our agreements, policies, and terms of use;

  • In an emergency, including to protect the personal safety of any person; and

  • For the purposes of a business deal (or negotiation of a business deal) involving sale or transfer of all or a part of our business or assets (business deals may include, for example, any merger, financing, acquisition, divestiture, or bankruptcy transaction or proceeding).

We provide you with access to your User data and ability to delete any of your User data. We also take commercially reasonable steps to safeguard User data.

You agree to provide appropriate notices to your Users about, and if required by applicable laws obtain appropriate consent from Users for, your information collection and use practices relating to your use of our Services and your use of cookies for tracking purposes. Appropriate notices may include notice in the form of a privacy policy posted on your site, in your mobile application, and/or, if you use GetSwift's Notifications in the SMS messages you send through our service.

We may also collect registration and other information about you as our customer through our Site. Our collection and use of information collected about you on our website is governed by our Privacy Policy, available at https://getswift.co/privacy-policy.

Restricted Areas of the Services

Certain parts of our Services, including account management features, may be password-restricted to registered users or other authorized persons (“Password-Protected Areas”). If you are authorized to gain access to any Password-Protected Areas, you agree that you are entirely responsible for maintaining the confidentiality of your password, and agree to notify us if the password is lost, stolen, disclosed to an unauthorized third party, or otherwise may have been compromised. You agree that you are entirely responsible for any and all activities that occur under your account, whether or not you are the individual who undertakes such activities. You agree to immediately notify us of any unauthorized use of your account or any other breach of security in relation to your password or our Services that is known to you.

Products

Information contained in this site may contain references to GetSwift products or programs that are not announced or available in all countries. Such references do not imply that GetSwift intends to announce such products, programs or services in any particular country. Consult your local GetSwift representative or email GetSwift at info@getswift.co for information regarding the products and services that are available to you. GetSwift obligations with respect to its products and services are governed solely by the license and/or service agreements under which they are provided. If you obtain a product or service from GetSwift from this website that is provided without an agreement, that product or service is provided “AS-IS” with no warranties whatsoever, express or implied, and your use of that product or service is at your own risk.

Links to Third-Party Sites

The GetSwift websites may contain links to third-party sites. Access to any website linked to any GetSwift website is not the responsibility of GetSwift and GetSwift is not responsible for the accuracy, or reliability of any content on such websites. Further, the presence of a link to a third-party site does not mean that GetSwift endorses that site, its products, or views expressed there. GetSwift provides these links merely for convenience and the presence of such third-party links are not an endorsement or recommendation by GetSwift.

LIMITATION OF LIABILITY

IN NO EVENT WILL GETSWIFT BE LIABLE TO ANY PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, EXEMPLARY, SPECIAL OR OTHER CONSEQUENTIAL DAMAGES FOR ANY USE OF THIS WEBSITE, OR ON ANY OTHER HYPERLINKED WEBSITE, INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR OTHER DATA ON YOUR INFORMATION HANDLING SYSTEM OR OTHERWISE, EVEN IF GETSWIFT IS EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Governing Law and Jurisdiction

Enforcement of any dispute relating to these Terms will be governed by the laws of the State of New York excluding its conflict and choice of law principles. For parties residing in the United States, the exclusive jurisdiction and venue for any claims arising out of or related to these Terms or your use of the Services or Service Content will lie in the state and federal courts located in the County and City of New York City, New York, and you irrevocably agree to submit to the jurisdiction of such courts.

For parties residing outside the United States, any dispute arising hereunder shall be submitted to confidential binding arbitration in the County and City of New York City, New York for the maximum judgment enforceable, except that to the extent customer has in any manner violated or threatened to violate GetSwift's intellectual property rights, GetSwift may seek injunctive or other appropriate relief. Customer hereby consents to, and waives all defenses of lack of personal jurisdiction and forum non conveniens with respect to venue and jurisdiction in the state and federal courts of New York. Arbitration shall be conducted pursuant to the Rules of the American Arbitration Association. The arbitrator's award shall be final and binding and may be entered as a judgment in any court of competent jurisdiction. The parties each agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated or representative action. If for any reason a claim is initiated in court rather than in arbitration we each waive any right to a jury trial.

Our failure to enforce any right or provision in these Terms will not constitute a waiver of such right or provision unless acknowledged and agreed to by us in writing. In the event that a court of competent jurisdiction finds any provision of these Terms to be illegal, invalid, or unenforceable, the remaining provisions will remain in full force and effect.

The terms and conditions which by their nature are intended to survive termination of these Terms shall survive, including Restrictions, Disclaimer of Warranties, Feedback, Indemnity, and Limitation of Liability.

Trademarks

The trademarks, logos, and service marks (collectively “Trademarks”) appearing on the GetSwift website are the property of GetSwift. Nothing contained on the GetSwift website should be construed as granting any license or right to use any Trademark without the prior written permission of the party that owns the Trademark.

Contacting Us

If you have any questions or concerns about our Services or these Terms, you may contact us at info@getswift.co

MASTER SERVICES AGREEMENT

THIS MASTER SERVICES AGREEMENT (“Agreement”), is made and entered into as of the 1st of January, 2019 (“Effective Date”), by and between Customer ( “Customer ”) and GetSwift, Inc. ("Supplier"), with its principal place of business located at 1185 Avenue of the Americas, 3rd Fl., New York NY 10036.

WHEREAS, Supplier is entering into this Agreement on its own behalf, and on behalf of any of its current or future parent, subsidiary, and commonly owned affiliates.

WHEREAS, Customer and Supplier, as the vendor, now desire, and from time to time hereafter may again desire, to enter into one or more statements of work for the provision of services and/or products; and

NOW THEREFORE, for good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties to this Agreement agree as follows:

DEFINITION OF KEY TERMS.

Acceptance: acknowledgment and agreement by Customer of the Deliverables completed and delivered under a SOW, and otherwise in accordance with the specifications set forth therein, as further described in Section 2.2.

Customer Affiliate:

Deliverables: the specific product or products to be provided by Supplier as a result of or in connection with Services under a SOW, including any licensed access to Supplier's proprietary software platform and application programming interface.

Parties: Customer and Supplier.

Services: management, technical, financial, software development or other information technology related services to be provided by Supplier to Customer under this Agreement through its employees and contractors, as further described in each SOW.

Statement of Work (“SOW”): the specific agreement from time to time by which Customer may engage Supplier to perform Services and provide Deliverables. The agreed upon form of SOW is attached as Exhibit A.

Supplier Materials: the meaning given to such term in section 8.1 of this Agreement.

DELIVERY OF SERVICES; ACCEPTANCE.

Supplier will deliver to Customer the Services and Deliverables described in each SOW, in accordance with this Agreement and the applicable SOW.

(a) Except as otherwise set forth in an applicable SOW, Deliverables will meet the specifications and acceptance criteria set forth in each SOW (“Acceptance Criteria”). Customer, with Supplier's cooperation and assistance, will conduct acceptance tests to verify whether the Deliverables meet Acceptance Criteria and accept or reject a Deliverable. Customer shall have (i) a period of thirty (30) days from Supplier's delivery of a Deliverable to test it; or (ii) such other specific period as may be mutually agreed upon as set forth in the applicable SOW (“Acceptance Period”). Customer's failure reject a Deliverable in accordance with this Section 2.2 or accept the Deliverable within the Acceptance Period shall be deemed to Customer's acceptance of the Deliverable.

(b) Customer may reject any Deliverable that does not conform to the applicable Acceptance Criteria by delivering a written notice to Supplier setting forth the nature of the non-conformity with sufficient specificity for Supplier to remedy the nonconformance. Supplier will promptly remedy such nonconformance at no additional charge to Customer, and redeliver the corrected Deliverable for Customer to test according to the procedures set forth in this Section 2.

(c) If Supplier does not provide a corrected Deliverable within thirty (30) days after receipt of Customer’s written notice of rejection or such other period as the Parties may agree to in writing or remedy a nonconformance in the Deliverable after being given a reasonable opportunity to do so, Customer (i) may immediately terminate the applicable SOW and (ii) will have no obligation to pay for such Deliverable or any Services and materials expended by Supplier in connection with the creation or delivery of such Deliverable.

NO GRATUITIES. Supplier shall not offer or provide to the employees, agents or other representatives of Customer any gratuities, gifts, payments, or anything of value, in each case, exceeding a nominal value, whether or not in an attempt to influence such person's administration of the provisions of this Agreement or a SOW to otherwise gain unfair advantage over such employees, agents or other representatives or any third party.

STATEMENTS OF WORK.

The terms of this Agreement apply together with the terms of the applicable SOW to all Services and Deliverables provided to Customer by Supplier under this Agreement. In the event of conflict between the terms of this Agreement and a SOW, this Agreement controls unless the SOW expressly references the specific section number of the Agreement, which will be modified for purposes of that SOW. No SOW is effective unless it is executed by authorized representatives of both Parties.

Each SOW is expected to contain the following: (a) a summary and detailed description of the Services and Deliverables to be provided by Supplier; (b) applicable performance standards, service levels, specifications and Acceptance Criteria for such Services and Deliverables, and specific remedies (if any), in addition to those contained in this Agreement, for failure to meet such service levels or specifications, (c) the decisions, cooperation and materials, if any, to be provided by Customer; (d) the price and, if expressly authorized, the expenses to be paid, for Services and Deliverables delivered under the SOW; (e) the time schedule for completion of the Services and delivery of Deliverables; and (f) the designated project leader for each Party.

The project leader designated by each Party in a SOW will be the primary point of contact with the other Party, and must be fully aware of the progress under such SOW and any

issues or problems on a daily basis and responsible for the timely and acceptable performance of all obligations under such SOW. Such person must be able to obtain internal authorization from its Party for any requested decision or response from the other Party, and such authorized person must reply in a comprehensive manner within two (2) business days of request from the other Party, or within two (2) hours of a designated emergency request from the other Party. Should the Project Leader be inaccessible due to vacation, sick time, or any other reason, the Project Leader will arrange for a backup with the same responsibility as the Project Leader to be in place during the Project Leader's time out away from his/her employer's business.

Either Party may request in writing changes to a SOW, including changes that affect the scope or duration of Services, changes in the Deliverables, and changes in the delivery schedule. The Party requesting the changes shall provide written notice to the other Party. In all cases, Supplier will promptly (either with Supplier's written change request or shortly thereafter, or within three (3) business days of receipt of Customer's change request if designated as an emergency by Customer) notify Customer of Upon receiving such written notice, Supplier will promptly notify Customer in writing with the details of an anticipated adjustment in the fees or expenses to be paid to Supplier. The Parties will then negotiate promptly and in good faith (within 3 business days if designated an emergency request by Customer) a reasonable and equitable adjustment as part of an amendment to the SOW. Supplier, at Customer's written request, will suspend any or all of the work that Customer identifies as potentially unnecessary as a result of the change request that is being requested.

LICENSED ACCESS TO SUPPLIER PROPRIETARY SOFTWARE PLATFORM

Subject to the terms of the Agreement, Supplier grants Customer the limited right to access and use Supplier’s proprietary software platform and related documentation ("Supplier Platform") which is provided by or on behalf of the Supplier for purposes of performing Services related to logistics management, tracking, dispatch, routing and reporting of delivery operations, including SMS alerts, related reports and data dumps. The Supplier Platform is licensed for use by Customer, and not being sold, and Customer acknowledges that the Supplier Platform, including all customizations or other developments of such material, is proprietary to Supplier.

Customer agrees to use Supplier Platform only as contemplated by the Agreement and in compliance with all applicable law. Customer will not permit any third party to use or copy the Supplier Platform except as expressly provided in the Agreement.

Customer further agrees that it will not and will not permit any third party to (i) reproduce any part of the Supplier Platform, make modifications to, create derivative works based on, translate, disassemble, decompile, reverse engineer, attempt to derive the source code or otherwise decode or alter any software or other technology or documentation, including without limitation by taking any actions or attempting to take any actions the effects of which are to remove, isolate, sever, delete or disable any protection system integrated into such software or other technology or any other function or component thereof; (ii) integrate any software or other technology, in whole or in part, with or into the Supplier Platform, either as a separate program, module or component, or in order to create a new copyrightable work in which work Customer or any third party could claim any copyright ownership right, whether sole or joint, (iii) engage in any act that infringes upon any registered or unregistered intellectual property rights of the Supplier; (iv) use any of the Supplier Platform to develop any functionality that is substantially similar or equivalent to any of the Supplier Platform; (v) engage in any activity that would restrict the Supplier’s freedom to operate with respect to developing and selling its services using its intellectual property; (vi) reveal any Supplier Platform or Supplier Confidential Information to any affiliated entity or any other party that may engage in any act specified in the above; and (vii) otherwise take any action intended to circumvent the requirements of the Agreement.

COMPENSATION AND BILLING.

During the term of this Agreement, Customer agrees to compensate Supplier for its Services and Deliverables as provided in each SOW. Supplier may be compensated on a time and materials basis, on a fixed price basis, or as otherwise provided in the applicable SOW. In addition, if so specified in a SOW, Customer will reimburse Supplier for pre-approved travel, lodging and meal costs and expenses reasonably incurred by Supplier in connection with its performance of the Services and in accordance with any travel policies communicated by Customer to Supplier from time to time. Travel and expense reimbursement shall be only for actual charges reasonably incurred. Except for the compensation and expenses expressly agreed to be paid by Customer in this Agreement or a SOW, Supplier agrees to timely provide all Services at its expense. In addition, a fully executed SOW is required for Supplier to receive payment on any services or products provided.

Supplier will invoice Customer every month for time and materials engagements or at agreed upon milestones or period payment dates for fixed price engagements, as set forth in the relevant SOW. In addition to the foregoing, Supplier will invoice customer for licensed access to Supplier Platform as set forth in the applicable SOW.

Invoices will be mailed, or electronically submitted to the address or addresses specified in each SOW. Each invoice must be itemized and include: (a) a reference to the applicable SOW; (b) a detailed description of the relevant Services and Deliverables and times of performance or delivery; (c) a detailed description of all authorized reimbursable travel or other expenses; and (d) taxes, if any, and (e) any additional charges that Customer has agreed in writing, if any. Customer will pay the undisputed portion of all invoices within thirty (30) days of receipt. Customer may not set off any amount that Supplier is obligated to pay Customer hereunder against any amount payable by Customer.

If Customer believes that any adjustments to any invoices are necessary, it will give written notice to Supplier within sixty (60) days of receipt of an invoice, detailing the nature and basis of the requested adjustment, and the Parties shall work together promptly and in good faith to resolve the amount in dispute. Any mutually agreed upon adjustment that is made will be reflected in a subsequent invoice issued within thirty (30) days after any such adjustment is determined. In the event of an unresolved dispute over the amount of an invoice, the dispute resolution procedures provided by this Agreement shall be followed. Any charges for Services, Deliverables, or expenses or taxes not submitted to Customer within sixty (60) days after such Service or Deliverables are provided will be waived by Supplier unless otherwise stated in the applicable SOW. Customer agrees that any adjustments to invoices that are not requested within sixty (60) days of receipt of the invoice will be waived.

The Services and Deliverables are provided exclusive of all transactional taxes. Invoices will include and accurately set forth any applicable sales, use, excise, or other transactional taxes and are the responsibility of Customer. In the event Customer provides Supplier with valid tax exemption certificates with respect to any such tax and a taxing jurisdiction later disallows such exemption in an audit of Supplier, Supplier agrees to immediately notify Customer of such proposed disallowance and allow Customer to timely challenge any related assessment on its behalf through all available means. Customer has no obligation to pay any taxes based on Supplier's net income or Supplier’s corporate franchise taxes, or gross receipts taxes or license fees imposed on the Supplier for the privilege of doing business, or taxes for independent contractor relationship between Supplier and its personnel.

Supplier will maintain complete and accurate records of the fees and expenses charged to Customer under each SOW for at least 12 months after the termination or expiration of such SOW, and will make such records available to Customer during normal business hours upon reasonable advance written notice. Supplier will provide copying capability and work space and cooperate in any audit of such records that Customer may undertake; Supplier will cooperate in any audit of such records that Customer may undertake; provided, however, that: (a) any such audit will be at Customer’s sole expense unless such audit uncovers excessive payments of 5% or more of the aggregate invoice amounts subject to such audit, in which event Supplier will promptly pay the audit costs and reimburse Customer any such excessive payments; and (b) no such audit may occur more than once in any twelve (12) month period or cover periods that Customer previously audited. All credits due Customer, or payments due Customer assuming no further payment is due Supplier, must be credited or paid to Customer within sixty (60) days of Supplier's receipt of Customer's audit report.

At Customer’s request, Supplier will segregate the amounts invoiced under this Agreement into separate payment streams for (a) goods and services that are taxable to Customer, (b) goods and services that are non-taxable to Customer, and (c) goods and services provided on a pass- through expense basis.

CUSTOMER’S OBLIGATIONS.

Customer will reasonably cooperate with Supplier and timely and satisfactorily complete tasks for which it is responsible as set forth hereunder and in applicable SOW’s. Customer’s failure to perform such tasks will not be deemed to be grounds for termination by Supplier. Supplier’s failure to perform its obligations under this Agreement will be excused to the extent such failure results from Customer’s failure to perform required tasks in the applicable SOW.

Unless otherwise provided in a SOW, Supplier shall provide the Services for use at Customer's facility identified in the applicable SOW. When Services are provided at a Customer facility, Customer shall provide appropriate workspace consistent with the requirements of the Services to be provided under the SOW.

SUPPLIER’S OBLIGATIONS.

In addition to Supplier's other obligations under this Agreement, Supplier has the following obligations:

6.1. Supplier agrees that (a) it is an expert (someone who, through education or experience of its employees and contractors, has gained extensive knowledge of a particular subject so that Supplier could form an opinion that one without that extensive knowledge could not) in providing the types of Services and Deliverables it will perform and for the prices agreed to under this Agreement and SOWs, and in determining whether and how those Services and Deliverables will work for Customer, and (b) Customer is entitled to rely upon Supplier’s expertise.

Supplier will timely and satisfactorily perform all of its obligations under this Agreement and each SOW, and will maintain a staff adequate to meet such obligations in a high quality and timely manner.

Each item of equipment provided, supplied and installed by Supplier pursuant to this Agreement will be in good working order when installed and ready for use. Supplier will promptly make all adjustments, repairs and replacements necessary to correct any defects in any equipment it supplies under this Agreement. Customer’s use and possession of the equipment supplied by or through Supplier may not be interrupted or otherwise disturbed by Supplier or any person, firm or enterprise at any time controlled by or retained by Supplier or asserting a claim under or through Supplier.

Supplier will take the necessary steps to ensure that all third party product warranties will be passed-through to Customer, and if Supplier is unable to do so, will enforce such warranties on Customer's behalf.

Supplier is solely responsible for its employees and any subcontractors or other third parties it engages in the performance of the Services or delivery of Deliverables pursuant to this Agreement. Any breach of this Agreement by Supplier’s employees, subcontractors or suppliers will be deemed a breach by Supplier. Supplier will ensure that each such employee and subcontractor is bound, in writing, to the obligations of confidentiality with respect to Customer Confidential Information consistent with what is set forth in Section 11 below, and to the Customer facility rules, including Customer’s rights to search such employee’s computers and other materials brought onto Customer’s facilities by such personnel. Supplier will cause its employees and subcontractors at Customer's facilities to comply with Customer's safety, security, and confidentiality rules and other rules applicable to those working in Customer’s facilities, including but not limited to rules concerning training programs and policies, and access to and security of any Customer computer system to which Supplier may have access. Supplier will cooperate with authorized employees or third party agents or subcontractors of Customer and Customer Affiliates at Customer's and Customer Affiliate's facilities. Supplier will conduct criminal background checks and national sex offender registry checks of any of its employees and subcontractors who will have access to a Customer facility or Customer’s property in connection with the delivery of Services or Deliverables. Supplier will not cause any employee or subcontractor to be allowed access to a Customer facility or property if that person is on the national sex offender registry or if that person has been convicted or a felony or misdemeanor involving theft, fraud or violence during the last seven years. Additionally, Supplier is solely responsible for compliance with laws regarding background checks and the use of criminal history information.

Supplier agrees that Customer may request removal of any employee, subcontractor or supplier of Supplier working on Customer premises or a Customer SOW whom Customer reasonably deems to be unsatisfactory. Supplier will promptly remove such employee or subcontractor and, if requested by Customer, provide, at no additional cost to Customer, a suitable replacement within five (5) days of Customer’s request, or such other time frame that the Parties may mutually agree or as may be reasonably practicable under the circumstances. Supplier’s failure to provide a suitable replacement within such time will be deemed a material breach of this Agreement Supplier will use commercially reasonable efforts to ensure the continuity of Supplier’s employees and subcontractors assigned to perform Services under this Agreement and to provide at least 14 days advance written notice to Customer if a key employee or subcontractor providing Services is voluntarily leaving or changing positions. Supplier agrees that Customer will have the right to interview and approve any individuals that will be in a strategic operational or sales position for Customer prior to such individual being assigned to the Customer account.

Supplier will not introduce or code viruses or other damaging code into the systems used to provide the Services or into the computing systems or networks of the Customer Systems, and will use commercially reasonable efforts to prevent others from doing so. Supplier will perform regularly scheduled virus checks using the latest commercially available, industry-standard virus detection and scanning programs. If a virus is found to have been introduced by Supplier into any computing systems or networks of Customer or a Customer Affiliate, Supplier will notify Customer immediately. In addition, Supplier will use its commercially reasonable efforts to assist Customer in reducing the effects of the virus and, if the virus causes a loss of operational efficiency or loss of data, to assist Customer in mitigating and restoring such losses. Customer will provide reasonable access to the affected systems in order for Supplier to assist in such restoration of efficiency or data. If a virus is found to have been introduced into any computing systems or networks of the Customer System by Supplier or its employees or subcontractors or due to the negligence of Supplier, Supplier will perform all of its obligations under this Section 6.7 at no cost to Customer, and Supplier will be liable to Customer for direct damages and costs incurred by any entity in the Customer System as a result of such virus.

RESTRICTIONS ON SUPPLIER’S ACCESS TO CUSTOMER’S ELECTRONIC SYSTEMS. If Customer provides Supplier access to one or more of Customer’s electronic computing and/or communications systems (including but not limited to various internet, intranet, extranet, e-mail, and voice mail) (“E Systems”), Supplier agrees that the E Systems are owned by Customer, that Customer reserves the right to monitor use of the E Systems, that neither Supplier nor its employees or agents should have any expectation of privacy with regard to use of the E Systems, and that all information appearing on the E Systems (except for authorized information provided by Supplier or information publicly disclosed by Customer) will be considered as Customer Confidential Information (as defined in Section 11). Supplier agrees that it will not use the E Systems except for the benefit of the Customer System as expressly authorized by Customer in this Agreement or in the E Systems. Supplier agrees to maintain strict control of all usernames, passwords, and access lists it is given to the E Systems among only those of its current employees or other authorized users as are necessary to perform under this Agreement, to immediately remove such access for those persons no longer authorized, and to inform Customer immediately if there is reason to believe there is unauthorized access. Supplier agrees to cause all who gain access to the E Systems through Supplier to maintain the confidential nature of all Confidential Information, to not use the E Systems except for the benefit of the Customer System, and to not attempt to introduce a virus or otherwise attempt to alter, destroy or damage the E Systems. Supplier agrees that it will use the E Systems completely at its own risk, and that it will be liable to Customer for any damages incurred by Customer as a result of Supplier’s violation of these E System requirements. If Customer grants Supplier a shared access directory with Customer, Supplier agrees to update its access list to the E Systems every day in which there is a change in persons who should be on the list, and to forward such update on the same day to Customer. Supplier’s failure to keep such access lists up to date shall be deemed a material breach of this Agreement. At Supplier’s sole option; as an alternative, if requested by Supplier and for such time as Customer’s consent is in effect, Supplier may instead grant Customer access to Supplier’s payroll or comparable system so that Customer updates the E Systems access list of Supplier to remove employees who have left Supplier. Due to the importance of keeping access lists updated, Supplier grants Customer the right to audit Supplier’s access list from time to time, upon at least 48 hours prior notice. Supplier agrees to grant Customer or its agent’s access to its payroll and other records as appropriate to verify compliance with the audit list. Supplier agrees to pay Customer’s reasonable fees and costs of the audit if it is reasonably determined by Customer that Supplier’s access list was not kept up to date, on at least a weekly basis, from the time of any prior audit. Supplier agrees to update its access list (which list will be in the form of a report or profile generated from the Customer's personnel database) to the E Systems every day.

FINANCIAL STATEMENTS. Supplier will provide to Customer financial statements of Supplier (audited, if available) for its most recently ended fiscal year and unaudited interim financial statements of Supplier and any entity of Supplier for its most recently completed fiscal quarter (or, at Customer’s discretion, such other financial statements or information of Supplier reasonably requested by Customer). Supplier shall also from time to time provide Customer with such financial and other information concerning Supplier as Customer may reasonably request to confirm that Supplier has the financial strength and stability to perform its obligations under this Agreement. All financial statements and other financial information provided by Supplier shall be prepared in accordance with generally accepted accounting principles and shall fairly present the financial condition and results of operations of Supplier at their date and for their indicated period

WARRANTIES.

Supplier represents and warrants as follows:

Supplier's performance of Services and delivery of Deliverables pursuant to this Agreement does not and will not violate any applicable law, rule, or regulation (including without limitation any applicable import or export regulation and any licensing or permitting requirement) or breach any other agreement to which Supplier is a party or bound.

Supplier has full authority and sufficient rights to grant and convey the rights granted to Customer or any entity in the Customer System under Section 8 hereof or any SOW.

Supplier will deliver the Services in a professional and workmanlike manner in accordance with the highest industry standards. All Services will conform with the applicable performance standards and service levels set forth in this Agreement, or incorporated by reference in the applicable SOWs, to the reasonable satisfaction of Customer.

All Deliverables (including any computer program licensed to Customer or developed or modified by Supplier for Customer or an entity in the Customer System under this Agreement and associated documentation) will conform with the applicable specifications and requirements set forth or incorporated by reference in the applicable SOWs and will perform to the reasonable satisfaction of Customer for a period of 90 days following the end of the Acceptance Period (the "Warranty Period"). If Customer notifies Supplier in writing of a breach of the foregoing warranty during the Warranty Period, Supplier will promptly remedy such breach at no additional expense to Customer. In the event that Supplier, after using best efforts, is unable to remedy such breach within 30 days of notification, then Customer, in addition to any other remedies it may have, may return the Deliverable for a full refund of fees and expenses paid for such Deliverable and related Services. Notwithstanding the foregoing, Supplier has no obligation or liability to Customer under this warranty to the extent that a breach of this warranty results from: (a) Customer's use of such Deliverable without the written approval of Supplier (such approval not to be unreasonably withheld or delayed) and in a manner inconsistent with Customer’s intended use or reasonable foreseeable use at the time as contemplated by the applicable SOW is entered; and (b) alterations or modifications made to such Deliverable by Customer without the written approval of Supplier and that were not part of Customer’s intended or reasonable foreseeable use at the time the applicable SOW was entered into.

Each item of equipment provided, supplied and installed by Supplier pursuant to this Agreement will be in good working order when installed and ready for use to the reasonable satisfaction of Customer. Supplier will promptly make all adjustments, repairs and replacements necessary to correct any defects in any equipment for which it is providing maintenance under this Agreement. Customer’s use and possession of the equipment supplied by or through Supplier may not be interrupted or otherwise disturbed by Supplier or any person, firm or enterprise at any time controlled by or retained by Supplier or asserting a claim under or through Supplier.

SURVIVAL OF WARRANTIES. All warranties, expressed and/or implied, shall survive inspection, delivery, acceptance and payment, and the expiration or earlier termination of this Agreement unless otherwise specified in a SOW.

DISCLAIMER OF IMPLIED WARRANTIES. EXCEPT AS EXPRESSLY WARRANTED, SUPPLIER DISCLAIMS ALL OTHER WARRANTIES EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

INTELLECTUAL PROPERTY. Supplier will retain all rights and interests to all materials and intellectual property therein (including, without limitation, the Supplier Platform and all software and other technology, all tools, data, specifications or methods used to design, create, generate or otherwise develop the Deliverables or perform the Services) belonging to Supplier prior to the Effective Date of this Agreement or developed by Supplier independently of any obligations under this Agreement or an SOW, and including all customizations, adaptations and other modifications of such materials and all materials and intellectual property rights therein that are developed by Supplier independently of any obligations under this Agreement of an SOW (collectively, “Supplier Materials”).

Only when agreed between the Parties in an applicable SOW, will the Deliverables provided by Supplier (or its subcontractors or agents) under a SOW (including, without limitation, all documents, manuals, designs, improvements, enhancements, computer programs, computer systems, data, computer documentation and other tangible materials) be the sole and exclusive property of Customer, and will be considered “works made for hire” and constitute the work product of Customer. In the event any such Deliverables do not fall within the specifically enumerated works that constitute works made for hire under the United States copyright laws, Supplier, hereby assigns all rights granted under such laws to Customer with respect to such Deliverables. Supplier agrees to render, at Customer’s sole cost and expense for any of Supplier’s out of pocket expenses, all reasonably required assistance to Customer to protect such rights.

To the extent that Supplier incorporates any Supplier Materials into Deliverables that will be owned by Customer, Supplier hereby grants to Customer a perpetual, royalty-free, non-exclusive, nontransferable license to use such Supplier Materials and any further development of such Supplier Materials, solely in connection with use of the Deliverables by Customer or an entity within the Customer System; except that if such Supplier Materials consist of commercial software, the license terms for such software will be set forth in the applicable SOW.

In no event will either Party be precluded from developing for itself, or for others, materials that are competitive with the Deliverables, regardless of how the Deliverables are categorized and irrespective of their similarity to the Deliverables provided that no Confidential Information or intellectual property of either Party is used in the development of such other materials.

To the extent that Customer provides to Supplier under this Agreement any information or materials owned or licensed by Customer, including software code, data, trademarks, service marks or logos, (collectively, “Customer Materials”), Customer hereby grants to Supplier a limited, nonexclusive license to use such Customer Materials solely in connection with the provision of Services and in accordance with this Agreement, and subject to any terms or restrictions communicated by Customer to Supplier from time to time. Supplier will use the Customer Materials in a manner consistent with Customer’s ownership. Supplier acquires no ownership rights in the Customer Materials and the limited rights granted to Supplier under this Section end immediately upon termination or expiration of this Agreement. All use of the Customer Materials by Supplier will inure to the benefit of Customer.

Assignment. To the extent that any Deliverable(s) designate to be owned by Customer in a SOW is not deemed or recognized as “works made for hire,” under applicable law, Supplier hereby irrevocably grants, assigns, transfers, and sets over unto Customer in perpetuity all worldwide rights, title, and interest of any kind, nature, or description it has or may have in the future in and to such Deliverable(s). In addition, in order to assure that its employees, agents, and subcontractors do not possess proprietary rights in the Deliverables that are inconsistent with Customer’s rights in such Deliverables, Supplier shall promptly, and as reasonably necessary, obtain from its employees, agents, and subcontractors, the assignment, transfer, and conveyance to Supplier or Customer of any proprietary rights that they have or may have in the future in the Deliverables. Supplier shall not be entitled to make any use of any of the Deliverables except as may be expressly permitted in the Agreement.

Waiver of Moral Rights. To the extent permitted by law, Supplier waives any moral rights in any assigned Deliverables, such as the right to be named as author, the right to modify, the right to prevent mutilation and the right to prevent commercial exploitation, whether arising under the Berne Convention or otherwise.

LIMITATIONS OF LIABILITY.

NEITHER PARTY WILL BE LIABLE TO THE OTHER PARTY FOR ANY LOST PROFITS OR SPECIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, INDIRECT OR CONSEQUENTIAL DAMAGES, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THE PROVISIONS OF THIS SECTION 9 SHALL APPLY REGARDLESS OF THE FORM OF ACTION, DAMAGE, CLAIM, LIABILITY, COST, EXPENSE, OR LOSS, WHETHER IN CONTRACT, STATUTE, TORT (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE), OR OTHERWISE.

EACH PARTY’S LIABLITY AT LAW, IN EQUITY, AND UNDER THIS AGREEMENT SHALL BE LIMITED TO THE SERVICE FEES GENERATED OR PAID IN THE TWELVE PRIOR TO THE DATE A CAUSE OF ACTION ACCRUES.

THE LIMITATIONS SET FORTH IN THIS SECTION 9 SHALL NOT APPLY TO A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, A PARTY'S INDEMNIFICATION OBLIGATION UNDER SECTION 10, OR FOR A BREACH OF CONFIDENTIALITY UNDER SECTION 11.

INDEMNIFICATION.

Supplier will indemnify, hold harmless and defend Customer and entities in the Customer System, and their respective directors, partners, officers, employees, representatives, and agents (collectively, the “Indemnitees”) from and against any and all claims, liabilities, losses, reasonable and necessary expenses actually incurred (including reasonable attorneys' fees), fines, penalties, taxes or damages (collectively "Claims") asserted against Customer or an entity in the Customer System by a third party to the extent such Claims result from the infringement by the Services or Deliverables upon any third party's trade secret, trademark, service mark, copyright or patent (collectively, an “Intellectual Property Right”). If any of the Services or Deliverables are found to infringe on an Intellectual Property Right, in addition to its indemnity obligation, Supplier may within a reasonable time, at its option and sole expense, (a) secure for Customer the right to continue the use of such infringing item; (b) replace such item with a substantially equivalent non-infringing item or modify such item so that it becomes non-infringing; or (c) if neither of the preceding two options is feasible, accept return of the infringing item from Customer and refund to Customer the amount paid to Supplier for such item and Services provided in connection with such item depreciated over five years on a straight line basis.

In the event of a Claim for which Customer is seeking indemnification from Supplier, Customer will timely notify Supplier of such Claim, give Supplier the right to control and direct the defense (at Supplier's sole expense) and any settlement of any such Claim, and give reasonable cooperation to Supplier for the defense of same. Notwithstanding anything to the contrary above, Supplier may not enter into any settlement or other disposition of a Claim that requires Customer to contribute financially to a settlement or admit guilt or wrong doing without Customer's prior written approval.

If Customer provides or licenses to Supplier any Customer Materials under this Agreement, Customer will indemnify, hold harmless and defend Supplier from and against any Claims asserted against Supplier by a third party to the extent such Claims arise from the infringement by the Customer Materials upon a third party's Intellectual Property Right(s) as a result of the authorized use of such Customer Materials by Supplier in accordance with this Agreement. In the event of a Claim for which Supplier is seeking indemnification from Customer, Supplier will timely notify Customer of such Claim, give Customer the right to control and direct the defense and any settlement of any such Claim, and give reasonable cooperation to Customer for the defense of same. Notwithstanding anything to the contrary above, Customer may not enter into any settlement or other disposition of a Claim that requires Supplier to contribute financially to a settlement or admit guilt or wrong doing without Supplier's prior written approval.

CONFIDENTIAL INFORMATION.

Each Party will protect the other’s Confidential Information (as defined in Section 11.2) at all times and in the same manner as each protects the confidentiality of its own proprietary and confidential materials, but in no event with less than a reasonable standard of care. Each Party agrees not to disclose any such information except to such Party’s employees, contractors, agents or other representatives that have a need to know such information for purposes of this Agreement, such Party’s professional advisors and otherwise as required by law or regulatory authority. Confidential Information may only be used by the Receiving Party only with respect to its obligations to perform under this Agreement.

“Confidential Information” means (a) information or material that has been marked or designated in writing by the disclosing Party at the time of disclosure as proprietary or confidential and (b) in the case of a disclosing Party, all documents, computer programs, and documentation (including without limitation as relates to Supplier, the Supplier Platform), reports, financial or other data, records, forms, tools, products, services, methodologies, present and future research, technical knowledge, marketing plans, business plans, trade secrets, customer lists and operational data of the disclosing Party or its agents or subcontractors and any other material or information that due to its character and nature a reasonable person under like circumstances would treat as confidential, whether tangible or intangible and whether or not stored, compiled, or memorialized physically, electronically, graphically, in writing, or by any means now known or later invented, and including any work product and information developed during performance of this Agreement. The terms of this Agreement are the confidential information of both Parties. Confidential Information does not include information that: (i) is already lawfully known to the recipient at the time of disclosure; (ii) is or becomes publicly known through no wrongful act or failure of recipient; (iii) is independently developed by recipient without benefit of the other Party’s Confidential Information; or (iv) is received from a third party without further restrictions on disclosure, which is not under and does not thereby breach an obligation of confidentiality.

A receiving Party may disclose the disclosing Party's Confidential Information in response to service of valid process of subpoena, court order or civil demand of law enforcement, judiciary or other governmental body or agency provided that the receiving Party notify the disclosing Party in writing, except when prohibited by applicable law, statute, ordinance or regulation, within a reasonable time to allow the disclosing party to seek a protective order or waive compliance with this Agreement. If the disclosing Part does not seek a protective order or waives compliance, the receiving Party may disclose only that portion of Confidential Information legally required under the circumstance in the opinion of its legal counsel.


TERM; BREACH, SUSPENSION AND TERMINATION.

The term of this Agreement begins on the Effective Date and will continue until terminated in accordance with this Section 12. The term of each SOW will begin and end on the dates contained in such SOW.

Termination for convenience.

At any time that there is no uncompleted SOW outstanding, either Party may terminate this Agreement for any or no reason upon thirty (30) days advance written notice to the other. In such event, the terms of this Agreement will continue to apply to complete SOWs, to the extent that such terms by their nature reasonably would be expected to continue.

Customer may terminate for convenience any SOW by providing Supplier with at least ten (10) days prior written notice (the “Cancellation Notice”). Within 30 days after such termination, Customer will pay Supplier all fees and expenses that have been incurred or earned in connection with the performance of Services and delivery of Deliverables in accordance with this Agreement through the effective date of such termination. For partially completed milestone Deliverables or for partial periods of performance for which milestone or periodic payments are not yet due on the date of termination, Customer will pay Supplier a pro rata share of payment based upon the portion of the Services or Deliverables completed by Supplier as of the termination date. In the event of termination by Customer with less than the Cancellation Notice as described in this Section 12.2(b), Customer shall also pay a fee equal to the aggregate amount that Supplier’s personnel performing the applicable SOW would have billed for each eight hour day by which the Cancellation Notice is late.

Termination for Cause; Suspension.

By Supplier. Supplier may terminate any outstanding SOW upon written notice to Customer if Customer breaches a material term of this Agreement or such SOW and such breach remains uncured thirty (30) days after notice of such breach from Supplier, or ten (10) days in the case of non-payment. Upon any such termination by Supplier due to an uncured breach by Customer, Supplier will be paid within thirty (30) days after the effective date of termination the remaining fees and expenses which have been incurred or earned in connection with the performance of the Services through the effective date of such termination, it being Supplier’s duty to reasonably mitigate such damages.

By Customer. Customer may terminate any outstanding SOW upon written notice to the Supplier if (i) Supplier breaches a material term of this Agreement or an applicable SOW and such breach remains uncured thirty (30) days after notice of such breach from Customer, or (ii) Supplier commits more than three (3) breaches of a material term of this Agreement or applicable SOW(s) during any rolling twelve (12) month period, regardless of whether or not Supplier has cured such breaches to Customer's reasonable satisfaction. Upon Customer's termination of the Agreement pursuant to this Section 12.3(b), Supplier will be paid within thirty (30) days after the effective date of termination the reasonable value to Customer of the fees and expenses which have been incurred or earned for Services performed and Deliverables delivered and accepted in accordance with this Agreement and the applicable SOW through the effective date of such termination, but reduced by the reduction in value to Customer of any related Services already paid for by Customer and any other amounts owed to Customer under Section 2.2.

Suspension by Customer.

(i) Without limiting any of its termination rights above, Customer may, at its sole option and upon written notice to Supplier, suspend Supplier's status as an approved Supplier to Customer for a period of twelve (12) months ("Suspension Period") in the event that Supplier commits more than two (2) breaches of any of the terms of this Agreement (other than a breach of the confidentiality obligations in Section 11) during any rolling six (6) month period, regardless of whether or not Supplier has cured such breaches to Customer's reasonable satisfaction. During any Suspension Period, Supplier may not bid on any new services or projects (including, without limitation, any extensions of current services or projects) for the Customer.

Supplier acknowledges and agrees that its compliance with the confidentiality obligations set forth in Section 11 is critical to Customer and is a requirement for maintaining its status as an approved supplier for the Customer. Without limiting any of its remedies set forth in this Agreement or otherwise available to it in law or equity, Customer may, at its sole option and upon written notice to Supplier, suspend Supplier's status as an approved Supplier for Customer for a period of six (6) months in the event that Supplier commits any breach of Section 11, regardless of whether or not Supplier subsequently cures such breach to Customer's reasonable satisfaction. During such six (6) month period, Supplier may not bid on or undertake any new services or projects (including, without limitation, any extensions of current services or projects) for the Customer.

NOTICES.

All notices contemplated under this Agreement shall be in writing and shall be deemed received as reasonably evidenced via receipted mail (including e:mail, facsimile, overnight delivery, or regular mail), postage prepaid as applicable and addressed as follows:

If to Customer:

Attention: CIO

with a copy to:

If to Supplier:

GetSwift, Inc

1185 Avenue of the Americas, 3rd Fl. New York NY 10036

With copy to: General Counsel

A Party may from time to time change its address or designee for notification purposes by giving the other Party prior notice of the new address or designee and the date upon which the change will become effective.

INSURANCE.

Throughout the term of this Agreement, Supplier will at its own expense, obtain and maintain the following insurance: (a) Commercial General Liability, with coverage of not less than

$2,000,000 per occurrence and $10,000,000 in the aggregate for bodily injury and property damage; (b) Workers’ Compensation insurance in the amount required by statute for all states in which the Services are to be performed, (c) Professional Liability Insurance with limits of not less than $2,000,000 per occurrence and $4,000,000 in the aggregate, and (d) contractual liability insuring Supplier’s performance under this Agreement and all Statements of Work, with

limits of not less than $2,000,000 per occurrence and $4,000,000 in the aggregate. Customer will be named as an additional insured for all such insurance, with the exception of Workers’ Compensation and Professional Liability. Such insurance will require the Supplier to notify Customer in writing at least 30 days in advance of any change adverse to Customer to its coverage as described herein. Supplier will furnish certificates of insurance evidencing coverage or other acceptable evidence of self-insurance to Customer upon request. All insurance companies utilized will maintain a AM Best rating (or equivalent) of A- or better.

DISPUTE RESOLUTION.

This Agreement will be interpreted and enforced according to the laws of the State of New York, without regard to its conflict of laws principles. In the event of a dispute between the Parties under this Agreement, the Parties agree, at the request of either Party, to appoint executive officers to meet in good faith within sixty (60) days from such request, within sixty (60) days with a mediator experienced in this type of dispute, to resolve the dispute. The mediator’s costs and fees will be split equally by the Parties. The mediator will be selected by mutual agreement or according to the rules of the American Arbitration Association ("AAA"). In addition, the Parties irrevocably consent to the exclusive jurisdiction for any dispute

Any unresolved disputes between the Parties, except as otherwise provided in this Section, will be resolved exclusively by confidential binding arbitration in accordance with the Commercial Arbitration rules of the AAA; provided, one neutral arbitrator experienced in the type of dispute will be chosen in accordance with AAA rules. The arbitrator will charge the reasonable attorneys' fees and costs of the prevailing Party to the other Party, but in an amount not to exceed one-half of the value of the award. Either Party may file in appropriate state or federal court to temporarily protect its rights under this Agreement pending the outcome of the dispute resolution process.

USE OF AGREEMENT AND SOW BY CUSTOMER AFFILIATE; DIVESTITURE OF CUSTOMER AFFILIATE.

Supplier understands and agrees that its Services and Deliverables under this Agreement and under any SOW may be used by or for the benefit of the Customer or any Customer Affiliate, provided that key vendors of Customer may use Services or Deliverables only as such use relates to their interaction with or on behalf of Customer, its commonly owned affiliates, or Customer Affiliates. If Customer and Supplier agree it is appropriate, such use of the Services or Deliverables, for some or all of the Company Affiliates or key vendors, may require their execution of a separate adoption agreement in the form attached as Exhibit B to this Agreement. In either case, Customer assumes no liability for any Customer Affiliate that participates in this Agreement, or any SOW under this Agreement.

If Customer sells or otherwise reduces its interest in a Customer Affiliate (other than a contractual Customer Affiliate) below 50% (“Divested Affiliate”), Customer at its discretion, with no additional charge to Customer or Divested Affiliate, may allow the Divested Affiliate to temporarily (up to 180 days from the effective date of divestiture) continue to use Supplier’s Services and Deliverables, including any software on Divested Affiliate's equipment licensed from Supplier but not separately licensed to Divested Affiliate, or utilize such Services or Deliverables, or Software on Customer’s equipment to provide benefit to the Divested Affiliate for the purpose of facilitating an orderly transition of said Divested Affiliate to either become part of another organization or to achieve an independent status, provided that (a) such use does not exceed the use allowed under this Agreement were such Divested Affiliate to remain a part of Customer, (b) said use is governed by the terms and conditions of this Agreement and/or the applicable software license, and (c) Customer assumes responsibility for the Divested Affiliates use. With regard to software, Supplier will use commercially reasonable efforts to obtain such rights in any license agreements with third party suppliers of software provided to Customer under this Agreement.

BENEFIT OF AGREEMENT. All Customer Affiliates shall be third party beneficiaries of Supplier's obligations and restrictions under this Agreement and applicable SOWs and shall be entitled to enforce such obligations and restrictions directly against Supplier once such parties have executed an adoption agreement in the form attached as Exhibit B. No Customer Affiliate shall have financial or other liability whatsoever for any purchases made by other Customer Affiliate hereunder. In the case of products proprietary to Customer or any Customer Affiliate or containing Confidential Information of Customer or any Customer Affiliate, Supplier shall not sell such products to anyone other than Customer or a Customer Affiliate. Any consent, notice, approval, authorization, acceptance, inspection or shipment of, or payment for products ordered by a Customer Affiliate, may be given by that Customer Affiliate.

DATA PRIVACY AND DATA SECURITY / PAYMENT CARD INDUSTRY COMPLIANCE. If Supplier is or will be receiving, storing, maintaining, processing or otherwise have access to personal information (e.g. name, address, birth date, Social Security number, driver’s license number or state-issued ID, financial/bank account number, credit or debit card number, health related information or other personally identifiable information) of Customer’s employees and/or customers, Supplier represents and warrants that it will at all times comply with the terms and conditions set forth in Exhibit C of this Agreement, attached hereto and incorporated herein, concerning Data Privacy and Security.

Supplier represents and warrants that it is a PCI DSS certified service provider and will maintain that certification for the term of this Agreement. Supplier further represents and warrants that it uses a service provider that is PCI DSS certified and will insure that this provider retains such certification. Supplier agrees to the terms and conditions in Exhibit D of this Agreement, attached hereto and incorporated herein.

MISCELLANEOUS. Neither Party may use the name, trademarks, trade names, or service marks of the other Party, or quote the opinion of any employee of the other Party in any advertising, presentations or otherwise. Neither Party may issue any press release or public notice concerning Customer’s use of Supplier’s Services or otherwise reference the relationship of the Parties under this Agreement without the advance written consent of the other Party, or as otherwise required by law or regulatory authority.

Subject to Customer’s rights under Section 16, neither Party may assign or transfer this Agreement or any of its obligations hereunder without the other Party's express, prior written consent, which consent may not be unreasonably withheld or delayed.

The Parties will comply with all applicable laws, whether foreign, federal, state or local.

ENTIRE AGREEMENT. Supplier and Customer agree that this Agreement (including any applicable SOW issued by a Customer Affiliate) contains the entire agreement among the Parties with respect to the purchase and sale of products and/or the providing of Services.

Unless Supplier and Customer sign an agreement that amends the provisions of this Agreement and/or a SOW by express reference to the specific sections of this Agreement and/or a SOW, no other document may supplement or vary the terms of this Agreement and/or any SOW, and the terms of this Agreement and/or any applicable SOW shall control and supersede the terms of any prior agreements. An amendment to this Agreement shall apply to

Supplier and its current or future parent, subsidiary and commonly owned affiliates, and to Customer and Customer Affiliates.

Customer and each Customer Affiliate objects to any order acknowledgment or other type of order documentation issued by Supplier that states terms in addition to or different than, or which vary from, the terms of this Agreement and/or the applicable SOW; such additional, different or varying terms will not be part of any agreement between Supplier and Customer, even if such order documentation purports to govern or supersede this Agreement.

In addition, both Parties had ample opportunity to use counsel and to negotiate this Agreement and each SOW so that neither Party will be considered as the drafter of this Agreement against whom interpretation should be made. This Agreement, including the agreed SOWs, constitutes the entire agreement of the Parties and may be modified only in writing executed by an officer of the Party to be charged, and may not be modified by the terms of any invoice, or other document, or by any usage, custom, or course of dealing.

Neither Party is liable for any delays or failures in its performance hereunder resulting from circumstances or causes beyond its reasonable control, including, without limitation, force majeure acts of God, acts or threatened acts of terrorism, war or other violence, or any law, order or requirement of any governmental agency or authority (but excluding orders or requirements pertaining to tax liability). In the event of such delay or failure, the other Party does not have any duty to perform related responsibilities, and also has the right to cancel all affected SOWs as for uncured breach, if the delay is reasonably expected to last more than 30 days.

Supplier is performing the Services as an independent contractor, is not an employee, partner, joint venturer, or agent of Customer or any Customer Affiliate, and neither Party has or may represent that they have authority to bind the other, or be or become liable or bound by any representation, act or omission whatsoever of the other.

If any term or condition of this Agreement or a SOW is held to be invalid, void or unenforceable, the remainder of this Agreement or a SOW will valid and enforceable to the fullest extent permitted by law.

The section headings used herein are for reference and convenience only and will not affect the interpretation hereof.

During the term of and for six months after completion or termination of a SOW, neither Party may directly solicit for hire as an employee, any of the other Party's personnel who have had material direct involvement with the SOW; “solicit” does not mean posting or otherwise generally advertising open jobs, to which an employee of the other Party may respond.

Any sections which by their nature reasonably should survive, will survive any expiration or termination of this Agreement.

No single or multiple delay, failure to exercise, or partial exercise of any right or remedy will operate as a waiver thereof unless agreed to in writing by the Party to be bound thereby.

IN WITNESS WHEREOF, the Parties hereto have caused this Agreement to be executed by their duly authorized representatives as of the Effective Date. Supplier and Customer agree that Supplier will execute all agreements prior to Customer. In the event that Customer does sign this Agreement or a particular SOW. prior to Supplier, Supplier further agrees that it does not have the right to make any further changes to such agreement, or to bill Customer until such Agreement or SOW has been fully executed and delivered to Customer.

EXHIBIT A

STATEMENT OF WORK #

EFFECTIVE DATE:

This Document is a Statement of Work (“SOW”) as defined in the Master Services Agreement # (“Agreement”), between the parties and is subject to and incorporates by reference the provisions of the Agreement.

PARTIES TO THIS SOW:

_____________ (“Customer”) and

(“Supplier”)

NAME AND CONTACT INFORMATION FOR EACH PARTY’S PROJECT LEADER:

Customer: Supplier:

SUMMARY OF SERVICES TO BE PERFORMED:

TERM OF ENGAGEMENT:

SOW Effective Date:

SOW Expiration Date:

DELIVERABLES:

Services to be performed by Supplier include the Deliverables described below. Supplier will deliver each Deliverable on the due date and in accordance with the acceptance criteria (“Acceptance Criteria”) listed below. Customer may reject any Deliverable that does not conform to the applicable Acceptance Criteria.

DELIVERABLE/TASK

DELIVERY DATE

ACCEPTANCE CRITERIA

LOCATION FOR PERFORMANCE OF SERVICES:

CUSTOMER OBLIGATIONS:

Customer will complete the following tasks in connection with the Services.

TASK

DELIVERY DATE

COMPENSATION:

In accordance with the provisions of Section 4, “Supplier’s Compensation” of the Agreement, payment of fees shall be as follows:

For engagements that are invoiced once per month, Customer shall pay an “initial payment” of (i) percent ( %) of the anticipated total fees under this Statement of Work and (ii) any anticipated significant out-of-pocket expenses such as license fees or other fees related to software or hardware procurements;

For engagement that are not invoiced once per month, Customer shall pay according to the staged events identified below:

[insert the relevant staged or milestones that trigger invoices]; and,

the final balance of approximately twenty-five percent of the total fees due hereunder shall be due, along with any agreed upon adjustments, upon Customer’s acceptance of the Deliverables.

Supplier will provide Services or Deliverables requested by Customer which are related to this SOW at rates not to exceed the rates set forth below:

Title/Function

Hourly Rate

$ /hour

$ /hour

*This rate will apply to all hours worked, and includes all travel and expenses.

Customer will pay on an hourly basis. Total Compensation for this SOW is based on time and materials and not to exceed $ . Customer reserves the right to stop work at any time and pay only for work completed.

Payment is due net forty-five (45) days after Customer’s receipt of invoice. If Customer believes that any adjustments to any invoices are necessary, it will give written notice to Supplier within sixty (60) days of receipt of an invoice, detailing the nature and basis of the requested adjustment, and the Parties shall work together promptly and in good faith to resolve the amount in dispute. Any mutually agreed upon adjustment that is made will be reflected in a subsequent invoice issued within thirty (30) days after any such adjustment is determined. In the event of an unresolved dispute over the amount of an invoice, the dispute resolution procedures provided by the above referenced Agreement shall be followed. Any charges for Services, Deliverables, or expenses or taxes not submitted to Customer within sixty (60) days after such Service or Deliverables are provided will be waived by Supplier.

INVOICE ADDRESS:

Contact name

Address

City, state, zip

ASSUMPTIONS:

Services will be rendered during Customer approved business hours and designated workdays as specified by Customer Project Lead.

Supplier will not be held responsible for schedule delays or work stoppages caused by the inability of Customer to make the necessary personnel available during this project.

Any changes to the project scope, timeline or compensation will be handled through an addendum to this SOW signed by both parties.

ADDITIONAL BUSINESS TERMS AND CONDITIONS:

IN WITNESS WHEREOF, the Parties hereto have caused this Statement of Work to be executed by their duly authorized representatives as of the SOW Effective Date.

CUSTOMER SUPPLIER

By: By:

Name: Name:

Title: Title:

Date: Date:

EXHIBIT B

ADOPTION AGREEMENT

Master Services Agreement

By executing this ADOPTION AGREEMENT effective this day of , 20_, the undersigned franchisee, licensee or joint venture (“Company Affiliate”) of the affiliates of ____________(“Customer”) agrees to be bound by the terms and conditions of the Master Services Agreement between [INSERT NAME OF ENTITY ("Company") and [INSERT NAME OF SUPPLIER] (“Supplier”), dated [INSERT DATE], and to be bound to the terms and conditions of the Statement of Work (“SOW”) between Customer and Supplier, dated [INSERT DATE], for purposes of any purchases of products or services received by Customer Affiliate under such SOW.

Agreed and Accepted.

Franchisee [INSERT NAME OF SUPPLIER]

By: By:

Printed: Printed:

Title: Title:

Date: Date:

EXHIBIT C

DATA PRIVACY AND DATA SECURITY

Any personal information including name, address, birth date, Social Security number, driver’s license number or state-issued ID, financial/bank account number, credit or debit card number, health related information or other personally identifiable information (“Personal Information”) collected, or otherwise possessed or controlled, by Supplier in the course of performing its Services hereunder, will be collected, secured and maintained in accordance with Customer’s privacy policy as it may be amended or updated from time to time, as well as any international, federal, state or local privacy and/or security laws or regulations applicable to the collection, use, transfer or storage of such Personal Information or the Services (“Privacy Laws”). Supplier will at all times perform its obligations hereunder in such a manner as not to cause Customer or any Customer Affiliate to be in violation of the Privacy Laws.

All Personal Information is and will remain the property of Customer and/or subject to the privacy rights of the individuals from whom the Personal Information is collected. Supplier will collect, use, access, maintain, and disclose or share the Personal Information only to the extent strictly necessary to perform its obligations under this Agreement, or as otherwise required by law and/or permitted by Customer. Supplier may not otherwise use or modify the Personal Information, merge it with other data, commercially exploit it, disclose it, or do any other thing that may in any manner adversely affect the integrity, security or confidentiality of such Personal Information, other than as expressly specified herein or as directed by Customer in writing.

Supplier will be fully responsible for any unauthorized collection, access, use and/or disclosure of Personal Information. Without limiting the foregoing, Supplier will employ administrative, physical, technical and organizational safeguards that:

are designed to prevent the unauthorized collection, access, use and disclosure of Personal Information (“Safeguards”); and

meet or exceed industry standards regarding Safeguards.

The Safeguards will include at a minimum:

maintaining on Supplier’s premises a secure location (that may include electronic storage), in which any and all Personal Information will be stored;

encryption of any Personal Information that is transmitted into or outside of Supplier’s computer systems through electronic means of communication (e.g., e-mail or Internet) and when placed on mobile storage media (e.g., laptops, thumb drives, flash drives);

training its employees and subcontractors regarding their confidentiality obligations and the treatment of Personal Information hereunder; and providing access to Personal Information only to Supplier’s employees and subcontractor personnel, who have a need to know or otherwise access the Personal Information to enable Supplier to perform its obligations hereunder, and who are bound by obligations of confidentiality sufficient to protect the Personal Information in accordance with the terms hereof (“authorized employees”).

Upon Customer’s written request, Supplier will promptly identify such authorized employees to Customer in writing. During the term of each authorized employee’s employment by Supplier, Supplier will at all times cause such authorized employee to strictly abide by its obligations hereunder and, after the termination of his/her employment, Supplier will use the same efforts to enforce the

confidentiality obligations of such authorized employee as Supplier uses to enforce such obligations with respect to its own similarly confidential information, provided that Supplier will not use less than reasonable efforts in such enforcement.

Supplier represents and warrants that it has in place a comprehensive written security program to protect Personal Information and will otherwise cooperate with Customer in maintaining and implementing, at Customer’s request, procedures to ensure the security of the Personal Information. Supplier further agrees that it will maintain a disciplinary process to address any unauthorized access, use or disclosure of Personal Information by any of Supplier’s officers, partners, principals, employees, agents or independent contractors.

Except in response to a valid court order or otherwise to the extent legally required in response to a request from a law enforcement agency, in no event will Supplier disclose any Personal Information to any third party except to the extent strictly necessary to perform its obligations under this Agreement or applicable SOW, and in such case subject to a binding agreement requiring the same level of data privacy, protection and information security as required hereunder.

Supplier will immediately (i) notify Customer in writing of any breaches or suspected breaches of security that may result in the unauthorized collection, access, use or disclosure of Personal Information or (ii) inform Customer in writing if Supplier receives any oral or written notice of inquiry, investigation or review from any individual or administrative agency (such as the Federal Trade Commission or State Attorney Generals’ offices or other similar agency in countries outside of the U.S.) that arises out of, relates to or affects the Services provided by Supplier. Supplier will comply with Customer requests and make all reasonable efforts to assist Customer in relation to the investigation and remedy of any such breach of security and any claim, allegation, action, suit, proceeding or litigation with respect to the unauthorized access, use or disclosure of the Personal Information. Supplier will not communicate orally or send notices in writing to individuals or government agencies regarding any inquiry, investigation or review without the prior written approval of Customer. Supplier shall indemnify and hold harmless Customer from and against any and all claims, damages and expenses (including reasonable legal fees) arising from a security breach or suspected security breach relating to personal data residing on Supplier’s systems or to the extent such breach or suspected breach arises out of the actions or inactions of Supplier.

EXHIBIT D HOSTING & SECURITY

Supplier shall provide the following, or in the case of Supplier using a third party to provide services or hosting, Supplier shall cause such third party to provide:

Physical Security:

Supplier shall provide:

A physical security control system which will manage and monitor physical access to all associated infrastructure components so that only authorized individuals will be granted access to host systems. All physical access to the systems will be logged and the logs will be maintained for at least one year.

A logical access control system which will manage and monitor interactive and remote access to all associated systems, applications and data so that only authorized individuals will be granted access to approved information. All unauthorized access attempts will be denied and logged. Denied access logs will be maintained for at least one year.

Security Infrastructure: Segregated, Secure Network from Other Clients.

Supplier shall provide a secure infrastructure topology that will include the following components:

A network firewall configuration which will grant internet access from the Internet to the front-end web servers over approved ports only. All other ports from the Internet to the front-end web servers will be denied.

A network firewall configuration which will segment the Internet-accessible front-end web servers from the second- and third-tier application and database servers so that the front-end web servers will communicate with the application and database servers over approved ports only. All other ports from the internet-accessible front-end web servers to the second- and third-tier application and database servers will be denied.

A network firewall configuration which will enable system administrators to communicate from the hosted internal network to the web, application and database servers over approved system administration ports only. All other ports from the hosted internal network to the web, application and database servers will be denied.

A network firewall configuration which will deny communications from the web, application and database servers to any unapproved systems over any unauthorized ports, including denying communications to other customers’ applications and systems.

An intrusion detection monitoring system which will log and alert system administrators of suspected unauthorized attempts to access, manipulate, or disable associated systems, data or application services. Intrusion detection alerts will be monitored 24 hours per day, seven days per week, 365 days per year.

A security event logging system to log all authorized and unauthorized access attempts to associated systems, data or application services. Security event logs will be maintained for at least one year.

In addition to the security requirements set forth in the Agreement, Suppliers’ privacy and security team will ensure the following standards are implemented, adhered and regularly monitored for compliance:

Internal Server Security.

All servers will be security hardened to disable all unnecessary services, protocols and user access accounts.

All associated servers will be successfully patched with hardware, software, and operating system security patches within thirty (30) days of their release dates.

All associated servers will be actively running antivirus software with antivirus definitions updated at least once per day.

Legal disclaimer text will be included on the user authentication page. The content of the disclaimer language will be supplied by Customer.

Data Transfers.

Supplier will require SSL/TLS encryption for all web communications to/from the application. SSL/TLS will be required and enforced for all authentication and application communication processes. No application communications will occur between the users’ browsers and the Web servers over clear-text HTTP.

All data uploads, downloads or other transfers between Supplier and Customer’s systems will be encrypted over Secure Shell File Transfer Protocol (SFTP).

No user information or user data will be transmitted to users or others via clear-text email or other clear-text transmission protocols.

Login ID standard:

Conform to Customer’s login id format

Remove the “remember me” option that will automatically log an account back in

Password Standard: The following password policies will be enforced:

Users’ passwords must be at least seven characters in length.

Users must change their passwords immediately upon first logon.

Users’ passwords must contain at least seven characters.

Password verification will be case-sensitive.

Users’ passwords must contain at least one upper-case character, one lower-case character, one numeral and one special character.

Passwords must expire every 180 days.

Users must be notified of password expirations at least 14 days in advance.

Users cannot re-use a password for at least 12 password change occurrences.

Users’ accounts must lock out for 30 minutes after six successive invalid password attempts.

One login session per login ID

Timeout:

Users’ authenticated browser sessions will time-out after 20 minutes of inactivity. Users must log back into the application to continue using the application after it has timed out.

Auditing:

All successful and unsuccessful logon attempts will be logged. All user accounts and associated user data must be deleted from the application server and associated systems upon termination from Customer and/or the Supplier program. Data may remain on tape if necessary to support regulatory compliance laws.

Customer reserves the right to audit said third party to ensure compliance to Customer security standards.

Web Content Filtering:

Supplier providing internet access should be filter and block inappropriate websites via blacklisting tool.

Application Development:

All third-party applications must be developed in accordance with the Yum! Application Security Policy.

Applications that provide access to Yum! confidential data must have controls that permit only authorized users to access the information.

Quality control methods must be used to ensure that software developed in-house or provided by 3rd parties does not introduce security vulnerabilities to Customer’s computing environment.

Application developers, vendors and owners must ensure that security and availability related updates are installed as soon as possible per testing, approval and scheduling processes.

Applications and application features must fail in a secure manner.

Application source code must be appropriately secured and retained to prevent unauthorized access or disclosure and facilitate reuse.

Applications must log system access and usage events according to application development and support team requirements.

All web applications, web service applications, and interfaces must be developed based on secure coding guidelines such as Open Web Application Security Project and NIST SP 800-95

Web Application Development:

Web applications will be developed based on secure coding guidelines such as the Open Web Application Security Project (OWASP) and NIST SP 800-95 guidelines. These include specific guidelines in the following areas:


Authentication

Authorization

Session Management

Data Validation

Interpreter Injection

Canonicalization, Locale and Unicode

Error Handling, Auditing and Logging

File System

Buffer Overflows

Administrative Interfaces

Cryptography

Configuration

Denial of Service

PHP

Quality control methods will be used to ensure that software developed does not introduce security vulnerabilities to Customer’s computing environment. This includes identifying risks through threat and vulnerability analysis, including scanning for the OWASP Top 10 issues if the application is web or web services based. These are:

• Cross Site Scripting (XSS)

Injection Flaws, particularly SQL injection

Malicious File Execution via remote file inclusion (RFI)

Insecure Direct Object Reference

Cross Site Request Forgery (CSRF)

Information Leakage and Improper Error Handling

Broken Authentication and Session Management

Insecure Cryptographic Storage

Insecure Communications

Failure to Restrict URL Access

Web Application quality control tests must be performed before applications are migrated to production, after code changes or web app enhancements prior to internet rollout. Test may be static (code analysis) or dynamic (web penetration testing), and must the requirements above.

Web Applications that contain sensitive information such as cardholder data, personally identifiable information (PII), sensitive corporate information, or other information that is classified as confidential or restricted confidential must be tested no less than monthly for security vulnerabilities.

All non-sensitive web applications that contain publically available information must be tested quarterly for security vulnerabilities.

All Yum Web Services clients must uniquely authenticate and authorize to Web Services operations

All External Yum Web Services communications must be encrypted

Third Party Service and Hosting Requiring PCI Security (i.e., Credit Card Processing)

In addition to the audit requirements outlined in this Agreement, Supplier shall provide reasonable access and cooperate with any audits and security reviews requested and conducted by Visa or Visa-approved entities upon written notice that a security intrusion has been detected.

Supplier shall maintain, keep and preserve at a secure location and area, accessible to authorized personnel (i.e., VISA approved entities) upon request, any and all credit cardholder data collected and stored by or through Supplier through the expiration or termination of this Agreement and for the post-termination period required by PCI DSS and industry standards referred to herein. This includes protecting Customer’s environment and data from other Supplier customer environments and data pursuant to PCI requirement 12.8.

Supplier represents and warrants that it is and shall remain fully compliant with all applicable Payment Card Industry (PCI) compliance standards and hereby acknowledges that it is responsible for maintaining the security of all credit cardholder data collected and stored by or through Supplier pursuant to an applicable SOW. Supplier shall provide to Customer on an annual basis, documentation to support completion of the then current PCI requirements and acceptance by Visa and/or other third party organization designated by Visa. Documentation for the Customer service must include completed Report on Compliance by a Qualified Security Assessor (QSA) and external vulnerability scanning results from an Approved Scanning Vendor (ASV). Cost of compliance audits and compliance controls to be borne by the Supplier.

Supplier represents and warrants that any third party that stores, processes or transmit Customer customer credit card data on behalf of Supplier will in turn be required to be continuously PCI compliant.

Third Party Network Provider Requiring PCI Security for Credit Card Processing

In addition to the audit requirements outlined in this Agreement, Network Provider shall provide reasonable access and cooperate with any audits and security reviews requested and conducted by Visa or Visa-approved entities upon written notice that a security intrusion has been detected.

Network Provider shall maintain a secure point to point network as defined by PCI standard definition of a Network Provider.

If Network Provider transports unencrypted data, any and all credit cardholder data collected, transmitted and stored by or through Network Provider through the expiration or termination of this Agreement and for the post-termination period must be controlled per PCI Standard and industry standards referred to herein.

Network Provider represents and warrants that it is and shall remain fully compliant with all applicable Payment Card Industry (PCI) compliance standards and hereby acknowledges that it is responsible for maintaining the security of all network related PCI requirements pursuant to this Agreement. If Network Provider transports unencrypted data or provides additional services, such as remote access from the internet or public internet access, that these services will be provided in a PCI compliant manner. Network Provider shall provide to Customer on an annual basis, documentation to support completion of the then current PCI requirements and acceptance by Visa and/or other third party organization designated by Visa. Documentation for the Customer service must include completed Report on Compliance by a Qualified Security Assessor (QSA) and external vulnerability scanning results from an Approved Scanning Vendor (ASV). Cost of compliance audits and compliance controls to be borne by the Network Provider.

Network Provider represents and warrants that any third party that stores, processes or transmit Customer customer credit card data on behalf of Network Provider will in turn be required to be continuously PCI compliant.