Table of Contents

• Terms of service
  • 1. Definitions
  • 2. Use of the service
  • 3. Customer obligations
  • 4. Payment terms
  • 5. Support and service levels
  • 6. Data ownership, access and privacy
  • 7. Software
  • 8. Hardware
  • 9. Confidential information and personal information
  • 10. Suspension
  • 11. Term and termination
  • 12. Warranty and disclaimer
  • 13. Indemnification
  • 14. Limitation of liability
  • 15. General
• SCHEDULE “A” DATA SHARING AGREEMENT CONTROLLER TO PROCESSOR
  • 1. Definitions and interpretation
  • 2. Data Protection
• Exhibit 1 Data processing details Subject-matter of processing:
  • Duration of the processing:
  • Nature and purpose of the processing:
  • Type of Personal Data:
  • Categories of Data Subjects:
  • Processing Instructions:

Terms of service

Terms of service govern the Service (as defined below) to be delivered to Customer by ENFOCOM International Corp., 3553 31 Street NW, Alistair Ross Technology Centre, Calgary, Alberta, Canada, T2L 2K7 ("ENFOCOM") , as specified in an Order Form. Customer agrees to be bound by these Terms of Service as well as the Order Form, the Privacy Policy (as defined below) and any additional terms incorporated by reference (collectively, the "Agreement"). This Agreement is effective on the Effective Date set out on the Order Form.

1. Definitions

1.1. "Account" is defined in Section 2.4;

1.2. "Agreement" is defined in the preamble above;

1.3. "Ancillary Services" are secondary services that may be provided in support of a Customer engagement, including but not limited to computer and network forensic analysis, general IT advice and guidance, and recommendation of IT security best practices;

1.4. "Business Day" means between 9AM to 5PM Mountain Time on a day other than a Saturday, Sunday, or statutory holiday in the Province of Alberta;

1.5. "Confidential Information" means any data, documentation, or other information of a proprietary or confidential nature, whether or not identified as being confidential or proprietary, which is disclosed or made available by a party to the other party in connection with this Agreement. Confidential Information does not include information that the receiving Party can establish, with reasonable evidence, that: (i) the receiving party already knew; (ii) becomes public through no fault of the receiving party; (iii) was independently developed by the receiving party; or (iv) was rightfully given to the receiving party by a third party. Confidential Information, for the purposes of this Agreement, does not include any Personal Information;

1.6. "Customer" means the customer identified in the applicable Order Form, including, as applicable, Users;

1.7. "Daily" means between 8AM to 8PM Mountain Time on a day other than a Saturday, Sunday or statutory holiday in the Province of Alberta;

1.8. "Customer Data" means any data or other information provided, transmitted, displayed or made available by or through the Service by Customer or Users;

1.9. "Event of Force Majeure" is defined in Section 15.5;

1.10 "Fees" means the fees and charges specified in the Order Form;

1.11. "ENFOCOM" is defined in the preamble above;

1.12. "Hardware" means any ENFOCOM hardware as set out in the Order Form;

1.13. "High Risk Activity" means activities with a likelihood of injury or death, including but not limited to controlling aircrafts or other modes of human mass transportation, nuclear or chemical facilities, life support systems, weaponry systems or any similar scenario where failure could lead to personal injury, death or environmental damages;

1.14. "Intellectual Property Rights" means any right that is or may be granted or recognized under any Canadian or foreign legislation regarding patents, copyrights, neighbouring rights, moral rights, trade-marks, trade names, service marks, industrial designs, mask work, integrated circuit typography, privacy, publicity, celebrity or personality rights and any other statutory provision or common or civil law principle regarding intellectual and industrial property, whether registered or unregistered, and including rights in any application for any of the foregoing;

1.15. "Licensed Software" means the ENFOCOM™ software and any other ENFOCOM software specified in the Order Form to be installed in Customer network and connected to the Managed Service Network;

1.16. "Managed Service Network" means ENFOCOM’s computer network used to provide the Service;

1.17. "Order Form" means an order form for the Service signed and submitted by Customer and accepted by ENFOCOM, and which incorporates these Terms of Service by reference;

1.18. "Personal Information" means information about an identifiable individual;

1.19. "Privacy Policy" is defined in Section 6.1;

1.20. "Service" means ENFOCOM’s managed cyber security monitoring service, including any Licensed Software or Ancillary Services, as specified on an applicable Order Form;

1.21. "Service Level" is defined in Section 5.1;

1.22. "Support Response Time" means the applicable support response time period included for the Service Level selected by Customer on the Order Form and described in Section 5.5;

1.23. "Term" is defined in Section 11.1;

1.24. "Third Party Materials" means data, services, content, software, hardware, add-ons or applications provided by a third party that interoperates with or is complimentary to the Service. Third Party Materials may include an application that is listed in a catalog or package offered by ENFOCOM;

1.25. "Threat Intelligence" is defined in Section 6.2;

1.26. "Threat Response Time" means the applicable threat response time period included for the Service Level selected by Customer on the Order Form and described in Section 5.4; and

1.27. "User" means any individual who uses or gains access to the Service through the Customer’s Account.

2. Use of the service

2.1. Customer may only receive and use the Service: (i) during the Term; (ii) for its own internal business purposes; and (iii) in accordance with this Agreement. If Customer does not understand these Terms of Service or any part of this Agreement, or does not agree to any of these Terms of Service or the Agreement, then Customer must not use the Service.

2.2. ENFOCOM may deliver the Service with the assistance of its affiliates, subcontractors, or suppliers. Notwithstanding the foregoing, ENFOCOM will remain responsible to Customer for delivery of the Service.

2.3. Customer and Users must comply with all laws, rules, and regulations applicable to Customer’s use of the Service and to any Customer Data.

2.4. Customer must have an account to use the Service ("Account"). Customer is responsible for the information provided to create Customer’s Account, the security and passwords for Customer’s Account, and for any use (or User’s use) of Customer’s Account. Customer must keep login credentials confidential. If Customer believes its Account has been compromised, or if Customer becomes aware of any unauthorized use of its Account, Customer will notify ENFOCOM by e-mail as promptly as possible at [email protected].

2.5. Compliance. ENFOCOM may monitor use of the Service to verify Customer’s and Users’ compliance with this Agreement. ENFOCOM may request information from Customer to assist with such verification, and Customer shall provide such information to ENFOCOM. If ENFOCOM reasonably believes that a problem with the Service may result from Customer Data or Customer’s use of the Service, Customer will cooperate with ENFOCOM to identify and resolve the problem.

2.6. Monitoring. ENFOCOM may monitor use of the Service by Customer and Users, and collect configuration, performance, usage, and consumption data relating to such use, in order to: (i) facilitate or improve delivery of the Service; and (ii) improve ENFOCOM’s products and services. ENFOCOM will not access any Customer Data except as necessary to provide the Service.

2.7. Modification of the Service. ENFOCOM may, from time to time: (i) change (a) the Service, (b) the terms governing Customer’s use of the Service, or (c) any portion of the documentation relating to the Service (including the Privacy Policy); or (ii) elect to cease providing any aspect of the Service. ENFOCOM will give Customer prior notice of changes, and the effective dates of any changes, by posting a notice at https://support.fieldeffect.com, or via email or other communications ENFOCOM typically uses to notify Customer of changes. The modifications will become effective on the date specified in such notice. Customer’s continued use of the Service after such effective date will be deemed acceptance of the modified terms. If ENFOCOM makes a material or detrimental change to the Service, to the terms governing Customer’s use of the Service, or to any part of the Service documentation that affects Customer’s use or ability to use the Service, Customer may terminate this Agreement by notifying ENFOCOM no later than thirty (30) days after the effective date of the change. If Customer terminates this Agreement pursuant to this Section 2.7, the termination will be effective as of: (i) the date ENFOCOM receives Customer’s notice, or (ii) any later date specified in such notice. Customer will be responsible for all Fees incurred up to and including the effective date of any termination pursuant to this Section 2.7.

3. Customer obligations

3.1. Customer is responsible for ensuring that all Users comply with Customer’s obligations under this Agreement.

3.2. Customer is responsible for maintaining a suitable connection to the Managed Service Network and for ensuring that Customer contacts identified in the Order Form are available and responsive when contacted by ENFOCOM to address and resolve service related incidents.

3.3. Customer and Users must not: (i) resell, sublicense, or distribute any aspect of the Service; (ii) copy, modify, or create derivative works of, reverse engineer, decompile, translate, disassemble, or otherwise attempt to extract any source code of any Licensed Software; (iii) use the Service to directly or indirectly create, train, or improve a substantially similar service or product; (iv) use the Service in connection with any High Risk Activity; (v) access the Service in a manner intended to avoid incurring Fees or accepting this Agreement or any other applicable terms; (vi) engage in, promote or encourage illegal activity; (vii) use the Service for any unlawful, invasive, infringing, defamatory or fraudulent purpose (e.g., phishing); (viii) use the Service to intentionally distribute viruses, worms, Trojan horses, corrupted files, hoaxes, or other items of a destructive or deceptive nature; (ix) interfere with the use of the Service, or any equipment used to provide the Service, by other users; (x) disable, interfere with or circumvent any aspect of the Service; (xi) generate, distribute, publish or facilitate unsolicited mass email, promotions, advertisements, or other solicitations; or (xii) use the Service or any interfaces provided by the Service to access any other ENFOCOM product or service in a manner that violates or avoids the terms with respect to such other ENFOCOM product or service.

3.4. If Customer becomes aware that any Customer Data or any use of the Service violates Section 3.3, Customer must take prompt action to remove the applicable Customer Data and/or suspend such use of the Service. ENFOCOM may require that Customer take action within a specified period of time. If Customer fails to comply with such request, then ENFOCOM may suspend Customer’s use of the Service pursuant to Section 10.

3.5. As part of or through Customer’s use of the Service, Customer may receive access to Third Party Materials. Customer is responsible for complying with any terms that may be presented to Customer when Customer accesses or receives such Third Party Materials. Except as may be expressly provided, Third Party Materials are available “AS IS” without indemnification, support (unless otherwise specified), or warranty or condition of any kind from ENFOCOM.

4. Payment terms

4.1. Customer will be responsible for paying a monthly recurring fee for the Service and any applicable fees for Licensed Software and/or Hardware (together the "Fees"), as set out in the Order Form. Fees do not include any applicable commodity taxes, or other taxes levied or assessed by any local and/or government authority, as well as surcharges for foreign taxes or those imposed by third-party providers, and any applicable withholding tax (collectively "Taxes") and Customer will be responsible for paying such Taxes. ENFOCOM will invoice Customer monthly in advance (unless otherwise set forth in the Order Form) for the monthly recurring fee for the Service, applicable Licensed Software and/or Hardware (if being paid by monthly recurring installments) and Taxes.

4.2. Payment. Payment may be made by credit card, cheque, electronic funds transfer or wire transfer. ENFOCOM, in its sole discretion, reserves the right to change acceptable methods of payment upon prior notice to Customer. Customer must pay all Fees, in the amount and currency specified in the applicable invoice, no later than thirty (30) days after the date of the invoice. If any legislation authorizes Customer to purchase the Service, and any applicable Licensed Software and/or Hardware, without payment of commodity taxes, Customer must supply ENFOCOM with sufficient evidence of such authorization. Fees and Taxes are subject to a late payment charge at the rate specified in the invoice, which rate may vary from time to time, calculated from the date of invoice, if Fees and Taxes are not paid when due.

4.3. Disputed Charges. If ENFOCOM determines that certain billing inaccuracies are attributable to ENFOCOM, ENFOCOM will not issue a corrected invoice, but will instead issue a credit memo specifying the incorrect amount in the affected invoice. If the disputed invoice has not yet been paid, ENFOCOM will apply the credit memo amount to the disputed invoice, and Customer will be responsible for paying the resulting net balance due on that invoice. Otherwise, the credit will be applied to the next invoice.

5. Support and service levels

5.1. ENFOCOM will use commercially reasonable efforts to ensure the Service performs substantially in accordance with this Agreement and the service level objectives and response times for the service level selected in the Order Form ("Service Level"), if any, for the Term, provided that the Service, including any Licensed Software and Hardware, has at all times been used in accordance with this Agreement. If ENFOCOM fails to meet any such objective or response time, and Customer notifies ENFOCOM, then ENFOCOM will, as its sole obligation and Customer’s exclusive remedy: (i) for any breach of the applicable objective, use commercially reasonable efforts to remedy the failed service level objective; or (ii) for any failure to meet a response time, provide a response as soon as possible. Notwithstanding the foregoing, Service availability will be subject to: (i) regularly scheduled maintenance; (ii) unscheduled maintenance with advance notice that Services may be interrupted, where feasible; (iii) failures of Internet connectivity; (iv) Customer’s failure to meet any minimum Hardware or Licensed Software requirements specified by ENFOCOM; or (v) any other reason beyond ENFOCOM’s reasonable control. ENFOCOM staff are available during "Support Hours", which are from 9AM to 5PM MST, on a day other than a Saturday, Sunday, or statutory holiday in the Province of Alberta.

5.2. Customer will be provided advance notice of scheduled maintenance outages and, in the event of an unscheduled system outage, ENFOCOM will use commercially reasonable efforts to provide advance notice and to restore the Service to normal operation as quickly as possible. All reasonable efforts will be made to minimize potential Customer disruption.

5.3. ENFOCOM will provide support for Customer’s use of the Service in accordance with the applicable service level objectives and support descriptions based on the Service Level.

5.4. ENFOCOM will, as part of the Service, accept support tickets through the support platforms made available to the Customer for Customer’s selected Service Level. ENFOCOM will use commercially reasonable efforts to acknowledge support tickets submitted by Customer in accordance with the following "Support Response Times", during ENFOCOM’s Support Hours:

1. Tickets submitted with an "urgent" priority will be acknowledged within one (1) hour;

2. Tickets submitted with a "high" priority will be acknowledged within eight (8) hours;

3. Tickets submitted with a "medium" or "normal" priority will be acknowledged within two (2) Business Days; and

4. All other tickets submitted with "low" or no priority identified will be acknowledged within five (5) Business Days.

ENFOCOM, in its sole discretion, reserves the right to modify the priority level of a support ticket submitted by Customer.

5.5. ENFOCOM will conduct data analysis and system management activities as specified for the applicable Service Level. For greater clarity, data analysis will not include any traffic or data that has not been made available to ENFOCOM by Customer.

5.6. The Technical Contact listed on the Order Form will be contacted during Support Hours for questions related to Customer’s system operation.

6. Data ownership, access and privacy

6.1. Ownership of the Service. As between the parties, ENFOCOM owns and retains all right, title and interest, and all Intellectual Property Rights in and to the Service, including all improvements, enhancements, modifications and derivative works thereto or thereof. This includes any information (other than Customer Data) that ENFOCOM collects and analyzes in connection with the Service and any reports generated by ENFOCOM. Customer’s rights to use the Service are limited to those expressly granted in this Agreement. No other rights with respect to the Service, any Licensed Software, any Hardware or any related Intellectual Property Rights are granted or implied.

6.2. Data Ownership. As between the parties, Customer and Users retain all right, title and interest in and to any Customer Data and all Intellectual Property Rights in such Customer Data. ENFOCOM’s rights to access and use Customer Data are limited to those necessary to deliver the Services. In delivering the Services, ENFOCOM may collect Customer Data and other information that relates to potential threats to Customer’s network(s) and may, subject to Section 6.3 below, use such Customer Data and other information to protect the networks of other ENFOCOM customers ("Threat Intelligence"). ENFOCOM will retain all right, title and interest in and to any such Threat Intelligence and all Intellectual Property Rights therein provided that ENFOCOM shall not disclose any Confidential Information of Customer, except as required by law.

6.3. ENFOCOM may collect, use, process, transfer, store and disclose Customer Data, including Personal Information, as required to provide the Service, and in accordance with Section 9.1 and ENFOCOM’s Terms & Privacy, found at: https://enfocomcyber.com/privacy-statement-ca/ ("Privacy Policy"). Customer warrants and represents that it has obtained all required consents and/or provided all required notifications to allow ENFOCOM to collect, use, process, transfer and disclose Customer Data, including Personal Information, as contemplated under this Agreement. If Customer or any Users are located in the European Union, the terms set out in Schedule "A" will apply.

6.4. Customer is responsible for ensuring that the security of the Service is appropriate for Customer’s intended use of the Service, and for the storage, hosting or processing of any Customer Data. Customer is responsible for taking and maintaining appropriate steps to protect confidentiality, integrity and security of all Customer Data from unauthorized access, use, loss or destruction. Those steps include, but are not limited to: (i) implementing any ENFOCOM guidance on deployment conditions; (ii) controlling the access that Customer provides to Users; (iii) configuring the Service appropriately; (iv) ensuring the security of Customer Data while it is in transit to and from the Service; (v) using encryption technology to protect Customer Data; and (vi) backing up Customer Data. Customer is responsible for providing any necessary notices to Users, and obtaining any legally required authorizations or consents from Users regarding their use of the Service.

7. Software

7.1. Depending on the configuration and implementation of the Service that Customer has purchased, as specified on the applicable Order Form, Customer may receive Licensed Software from ENFOCOM, to be used to deliver the Service. In such case, the terms of this Article 7 shall apply.

7.2. The Licensed Software must be installed in Customer’s on-premises network environment to enable Customer’s use of the Service. If such Licensed Software is subject to a separate licence agreement, Customer agrees to comply with the terms of such licence. If the Licensed Software does not have an accompanying licence agreement, then the licence terms set out in this Agreement will apply. Licensed Software may contain open source software, and Customer will be bound by any additional terms and conditions applicable to such software.

7.3. Subject to the terms and conditions of this Agreement, ENFOCOM grants to Customer, during the Term, a non-exclusive, non-transferable, non-assignable, royalty-free, license to install and use the Licensed Software solely for Customer’s internal, business purposes and in connection with the Service. Customer shall not, except with prior written approval of ENFOCOM, use the Licensed Software for the benefit of, or disclose the Licensed Software to, any other agency, department, person, company or other entity. Nothing in this Agreement constitutes a transfer of any Intellectual Property Rights in the Licensed Software. As between ENFOCOM and Customer, ENFOCOM owns all Intellectual Property Rights in the Licensed Software and any suggestions, comments or ideas that Customer contributes to or discloses to ENFOCOM with respect to the Licensed Software.

7.4. ENFOCOM may update and otherwise modify the Licensed Software at it sole discretion, provided such changes do not materially diminish the quality or level of service provided.

7.5. Customer must not: (i) use the Licensed Software for any purpose or in any manner other than as strictly required for Customer’s internal business purposes in connection with the Service; (ii) permit any third party to use the Licensed Software (except as may be permitted pursuant to Section 7.3); or (iii) unless and to the extent expressly permitted by applicable law, decompile, disassemble or otherwise reverse engineer the Licensed Software or permit any third party to do so.

8. Hardware

8.1. This Section 8 shall only apply if Customer’s use of the Service includes Hardware.

8.2. In the event that Customer orders any Hardware as part of the Service, ENFOCOM will ship the Hardware to Customer site. Customer will be responsible for ensuring the hardware is properly installed, powered on and connected to Customer’s network.

8.3. Unless otherwise indicated on the Order Form, all Hardware is to be returned to ENFOCOM upon termination or expiry of this Agreement.

8.4. Where Customer uses non-ENFOCOM hardware, ENFOCOM will not be responsible for providing support related to such non-ENFOCOM hardware, operating system configuration, hardware and system performance, and installation dependences (including required hardware or software packages).

8.5. Hardware support will be provided by the Hardware manufacturer. In cases of Hardware failure, Customer will contact ENFOCOM through an available support platform. ENFOCOM will notify the Hardware manufacturer and the Hardware manufacturer will deal with Customer directly to address the issue. Customer agrees to cooperate with the Hardware manufacturer for Hardware support activities, which may include a third party visiting Customer’s premises or the shipment of equipment back to ENFOCOM or a third party (at no additional cost).

9. Confidential information and personal information

9.1 Each party will: (i) protect the other party’s Confidential Information and Personal Information with the same standard of care it uses to protect its own Confidential Information and Personal Information (but in no event less than a reasonable standard of care); and (ii) not disclose Confidential Information or Personal Information, except to employees and agents who have agreed in writing to keep it confidential, on a need-to-know basis. Each party (and any employees and agents to whom it has disclosed Confidential Information or Personal Information) may use such Confidential Information or Personal Information only to exercise rights and fulfill obligations under this Agreement. Each party is responsible for any actions of its employees and agents in violation of this Section 9.1. Upon termination of this Agreement, the parties will promptly either return or destroy all Confidential Information and Personal Information, and, upon request, provide written certification of compliance with this Section 9.1. Notwithstanding the foregoing, the parties agree that this Section 9.1 does not operate to prevent the parties from retaining the other party’s business contact information (including business email addresses) after termination of this Agreement and in accordance with applicable laws.

9.2. If the receiving party is compelled by law to disclose Confidential Information or Personal Information of the disclosing party, the receiving party shall provide the disclosing party with prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the disclosing party’s cost, if the disclosing party wishes to contest the disclosure.

9.3. If the receiving party discloses or uses (or threatens to disclose or use) any Confidential Information or Personal Information of the disclosing party in breach of this Section 9, the disclosing party will have the right, in addition to any other remedies available to it, to seek injunctive relief to enjoin such acts, it being specifically acknowledged by the parties that any other available remedies are inadequate.

9.4. Neither party will issue any press release, public announcement, or public statement regarding the existence or content of this Agreement without the other party’s prior written approval. ENFOCOM may include Customer’s name and logo online or in promotional materials. Customer may revoke ENFOCOM’s right to use Customer’s name and logo under this Section 9.4 with written notice to ENFOCOM and a reasonable period to stop such use.

10. Suspension

10.1. ENFOCOM may suspend Customer’s use of the Service if (i) ENFOCOM has not received payment for the Service within thirty (30) days after the date on which payment is due; (ii) Customer is in breach of the Agreement; (iii) Customer’s use of the Service poses a security risk to the Service or to other users of the Service; or (iv) suspension is required pursuant to a court order or other legal requirement. ENFOCOM will give Customer notice before suspending Customer’s use of the Service if permitted by applicable law or unless ENFOCOM determines that providing notice presents a risk of harm to the Service, to other users of the Service, or to any person or property, in which case ENFOCOM will notify Customer as soon as feasible or permitted. Customer will remain responsible for all Fees incurred before or during any suspension.

11. Term and termination

11.1. Term. This Agreement will remain in effect for the Agreement Term specified in the Order Form or until terminated by either party in accordance with the terms set out herein (the "Term").

11.2. Termination for Cause. Either party may terminate this Agreement by giving notice in writing to the other party upon the occurrence of any of the following: (i) the other party commits a material breach with respect to a material obligation under this Agreement and does not remedy that breach within thirty (30) days after receiving written notice of the breach; or (ii) Customer does not resolve the underlying cause resulting in a suspension pursuant to Section 11 within ten (10) days after Customer’s Account is suspended. Customer’s failure to pay any Fees, taxes or other amounts when due is a material breach with respect to a material obligation.

11.3. Termination for Insolvency. Either party may terminate this Agreement effective immediately upon notice to the other party if that party enters into a compulsory or voluntary liquidation, or convenes a meeting of its creditors or has a receiver appointed over any part of its assets or takes or suffers any similar action in consequence of a debt, or ceases for any reason to carry on business.

11.4. Termination for Convenience. Subject to any early termination fees or penalties as may be specified on the Order Form, either party may terminate this Agreement for any reason by providing Customer at least thirty (30) days’ advance written notice.

11.5. Effect of Termination. Upon the expiry or termination of this Agreement for any reason, then all rights granted to Customer under this Agreement, including Customer’s right to use the Service and any Licensed Software, will immediately terminate and Customer must: (i) stop all use of the Service, (ii) return or, if ENFOCOM requests, destroy any Confidential Information and Personal Information, of ENFOCOM, (iv) within thirty (30) days delete and destroy all Licensed Software within Customer’s possession or control; and (v) return any Hardware owned by ENFOCOM. As between Customer and ENFOCOM, Customer is responsible for ensuring that Customer has necessary copies of all Customer Data prior to the date of expiry or termination. On termination of this Agreement, Customer will be responsible for the payment of all non-recurring fees for Hardware in full and all such amounts will become immediately due and payable. Except to the extent termination is permitted under Section 2.7 or Section 11.2, termination of this Agreement will not entitle Customer to any refunds, credits or exchanges, and Customer will be liable for all Fees incurred up to the effective date of the termination.

11.6. Survival. Any provision that, by its nature and context is intended to survive termination or expiration of this Agreement, including Section 1, 4, 6.1, 6.2, 9, 11.5, 12, 13, and 14 will survive.

12. Warranty and disclaimer

12.1. CUSTOMER ACKNOWLEDGES THAT ENFOCOM DOES NOT WARRANT THAT THE OPERATION OF THE SERVICE, INCLUDING ANY LICENSED SOFTWARE OR HARDWARE, WILL BE UNINTERRUPTED OR ERROR FREE, OR THAT THE SERVICE WILL MEET (OR IS DESIGNED TO MEET) CUSTOMER’S BUSINESS REQUIREMENTS. SUBJECT TO SECTION 14.3, ENFOCOM IS NOT RESPONSIBLE OR LIABLE FOR THE DELETION OF OR FAILURE TO STORE ANY CUSTOMER DATA AND OTHER COMMUNICATIONS MAINTAINED OR TRANSMITTED THROUGH CUSTOMER’S USE OF THE SERVICE. CUSTOMER IS SOLELY RESPONSIBLE FOR SECURING AND BACKING UP CUSTOMER DATA AT ALL TIMES. EXCEPT AS EXPRESSLY PROVIDED FOR HEREIN, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, ENFOCOM DOES NOT MAKE ANY WARRANTY OF ANY KIND RELATED TO THE SERVICE OR LICENSED SOFTWARE, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR RELIABILITY. 12.2. CUSTOMER ACKNOWLEDGES AND AGREES THAT THE NATURE OF THE SERVICE MAY: (I) REQUIRE THAT SPECIFIC WEBSITES BE RENDERED UNREACHABLE OR UNAVAILABLE BY THE SERVICE OR ENFOCOM FROM TIME TO TIME IN ORDER TO MITIGATE ANY SUSPECTED, POTENTIAL OR ACTUAL THREAT; (II) RESULT IN THE DISRUPTION OF ANY NETWORK CONNECTION(S) (INCLUDING INTERNAL AND EXTERNAL NETWORK CONNECTIONS) TO THE CUSTOMER’S NETWORK OR THE MANAGED SERVICE NETWORK; (III) PREVENT EXTERNAL DEVICES (SUCH AS USB KEYS) FROM FUNCTIONING IN A COMPUTER; (IV) RESTRICT CHANGES TO COMPUTER OR NETWORK SETTINGS; (V) PREVENT CERTAIN NETWORK OR COMPUTER PROCESSES; AND (VI) RESULT IN ENFOCOM BLOCKING CERTAIN ACTIVITIES OR MATERIALS DUE TO FALSE POSITIVE THREATS. ENFOCOM IS NOT RESPONSIBLE OR LIABLE WHATSOEVER FOR ANY CLAIMS, FINES, LOSSES, DAMAGES, OR OTHER COSTS OR EXPENSES INCURRED BY CUSTOMER ARISING OUT OF OR OTHERWISE RELATING TO SUCH ACTIONS.

13. Indemnification

13.1. Indemnification by Customer. If ENFOCOM is subject to any third party claim or demand concerning: (i) any Customer Data; (ii) any infringement or misappropriation of any Intellectual Property Rights by Customer or any Users in connection with the use of the Service; (iii) any violation of law by Customer or any Users in connection with the use of Service; (iv) Customer’s or Users’ use of the Service in violation of this Agreement; (v) unauthorized disclosure of Customer Data to ENFOCOM; or (vi) Customer’s or Users’ use of any Third Party Materials (collectively, "Claims"), then Customer will defend, indemnify and hold ENFOCOM harmless against any such Claims and any and all fines, losses, damages or other costs arising out of or otherwise relating to the Claims, or agreed to in settlement of the Claims. ENFOCOM will: (i) notify Customer as soon as possible, in writing, of any Claim; (ii) give Customer control over the defence regarding any Claim; and (iii) reasonably cooperate in response to Customer’s requests for assistance. Subject to the foregoing, ENFOCOM may participate in the defence or settlement of the Claim, at its own expense. Customer will not settle any Claims, without ENFOCOM’s prior written consent, not to be unreasonably withheld.

13.2. Indemnification by ENFOCOM.

Subject to the limitations set out in Section 13.1, ENFOCOM agrees to defend, indemnify and hold Customer harmless against any third party claims alleging that the Service or use of the Service for purposes authorized in this Agreement infringes any patent, copyright, trademark, service mark or other proprietary right of such third party or constitutes misuse or misappropriation of a trade secret of a third party (an "Infringement Claim"). Customer will: (i) notify ENFOCOM as soon as possible in writing of any Infringement Claim; (ii) give ENFOCOM control over the defence regarding the Infringement Claim; and (iii) reasonably cooperate in response to ENFOCOM’s requests for assistance. ENFOCOM will pay all damages finally awarded against and reasonable expenses incurred by Customer.

13.3. If the Service becomes or in ENFOCOM’s opinion is likely to become the subject of an Infringement Claim, ENFOCOM will, at ENFOCOM’s option and expense: (i) procure the rights necessary for Customer to keep using the Service; (ii) modify or replace the Service to make it non-infringing; or (iii) terminate the Agreement and refund any prepaid Fees.

13.4. ENFOCOM will have no obligation under Section 13.2 or otherwise with respect to any Infringement Claim based on: (i) Third Party Materials; (ii) any combination of ENFOCOM products and services with non-ENFOCOM products or services, including any Third Party Materials; (iii) use of the Service for a purpose or in a manner not permitted by the Agreement; (iv) any modification to the Service made without ENFOCOM’s express written consent; or (v) any aspect of the Service provided on a no-charge basis.

14. Limitation of liability

14.1. LIABILITY FOR DAMAGES. ENFOCOM’S TOTAL CUMULATIVE AGGREGATE LIABILITY TO CUSTOMER FOR DAMAGES, EXPENSES, COSTS, LIABILITY, CLAIMS OR LOSSES (COLLECTIVELY "DAMAGES") ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT OR THE PROVISION OF THE SERVICE, WHETHER ARISING IN NEGLIGENCE, TORT, STATUTE, EQUITY, CONTRACT, COMMON LAW, OR ANY OTHER CAUSE OF ACTION OR LEGAL THEORY EVEN IF ENFOCOM HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES, IS LIMITED TO DIRECT, ACTUAL, PROVABLE DAMAGES AND WILL IN NO EVENT EXCEED AN AMOUNT EQUAL TO THE TOTAL AGGREGATE MONTHLY FEES PAID BY CUSTOMER FOR THE SERVICE DURING THE SIX-MONTH PERIOD BEFORE THE EVENT GIVING RISE TO THE DAMAGES.

14.2. NO LIABILITY FOR CERTAIN DAMAGES. CUSTOMER AGREES THAT IN NO EVENT WILL ENFOCOM BE LIABLE FOR ANY LOST BUSINESS REVENUE, LOSS OF PROFITS, OR FAILURE TO REALIZE EXPECTED PROFITS OR SAVINGS OR ANY INDIRECT, CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, SPECIAL OR PUNITIVE LOSS OR DAMAGE (EVEN IF ENFOCOM HAS BEEN ADVISED OR HAD KNOWLEDGE OF THE POSSIBILITY OF SAME OR COULD HAVE REASONABLY FORESEEN SAME) AND REGARDLESS OF THE FORM IN WHICH ANY ACTION IS BROUGHT, WHETHER ARISING IN NEGLIGENCE, TORT, STATUTE, EQUITY, CONTRACT, COMMON LAW, OR ANY OTHER CAUSE OF ACTION OR LEGAL THEORY EVEN IF ENFOCOM HAS BEEN ADVISED OF THE POSSIBILITY OF THOSE DAMAGES. ENFOCOM WILL NOT BE LIABLE FOR ANY DAMAGES WHATSOEVER FOR DAMAGE TO CUSTOMER NETWORKS OR THE NETWORK OF ANY THIRD PARTY AS A RESULT OF ENFOCOM’S DELIVERY OF THE SERVICE, INCLUDING ACCESS TO CUSTOMER NETWORKS AND CUSTOMER DATA.

14.3. NOTWITHSTANDING ANYTHING IN THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO THIS ARTICLE 14, IF ANY CUSTOMER DATA IS LOST, DAMAGED, OR CORRUPTED AS A RESULT OF ENFOCOM’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, ENFOCOM’S ONLY LIABILITY IS, AT ENFOCOM’S OWN EXPENSE, TO RESTORE CUSTOMER DATA USING THE MOST RECENT BACK-UP KEPT BY CUSTOMER. CUSTOMER IS RESPONSIBLE FOR MAINTAINING AT ALL TIMES AN ADEQUATE BACK-UP OF CUSTOMER DATA.

15. General

15.1. Assignment. This Agreement shall bind and enure to the benefit of the parties and their respective successors and permitted assigns. Customer may not assign this Agreement, in whole or in part, without the prior written consent of ENFOCOM.

15.2. Notices. All notices and consents provided to Customer shall be given in writing and will be: (i) sent to the email address associated with Customer’s Account; or (ii) posted on https://support.fieldeffect.com. All legal notices or other correspondence to ENFOCOM must be sent to [email protected].

15.3. No waiver. No waiver of any provision of this Agreement shall bind a party unless consented to in writing by that party. No waiver of any provision of this Agreement shall be a waiver of any other provisions, nor shall any waiver be a continuing waiver, unless otherwise expressly provided in the waiver.

15.4. Severability. If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal or unenforceable, the other provisions of this Agreement shall not be affected or impaired, and the offending provision shall automatically be modified to the least extent necessary in order to be valid, legal and enforceable.

15.5. Force Majeure. ENFOCOM will not be liable for any delay or failure to perform its obligations under this Agreement to the extent that the failure is caused by an Event of Force Majeure, provided that ENFOCOM keeps Customer informed in such circumstances and uses reasonable endeavours to rectify the situation. "Event of Force Majeure" means any event beyond the reasonable control of ENFOCOM, including acts of God, strike, war (including civil war), acts of any state or government, acts of terrorism, fire, explosions, the elements, epidemics, blackout, embargo, or any delay or interruption in third party telecommunications services.

15.6. Entire Agreement. This Agreement is the entire agreement between the parties with respect to the subject matter, and supersedes all other agreements between the parties relating to the subject matter. In entering into this Agreement, neither party has relied on, and neither party will have any right or remedy based on any statement, representation or warranty, express or implied (including through course of dealing), except those expressly set out in this Agreement.

15.7. Interpretation. The headings are for convenience of reference only and will not affect its construction or interpretation. The words "include" or "including" means "include without limitation" and "including without limitation", respectively.

15.8. No Partnership and Third-Party Beneficiaries. This Agreement shall not be construed to and does not create a relationship of agency, partnership, employment or joint venture. Nothing in this Agreement, express or implied, shall or is intended to confer on any other person, firm or enterprise, any rights, benefits, remedies, obligations or liabilities of this Agreement, other than the parties, their respective successors or permitted assigns.

15.9. Governing Law. This Agreement is governed by the laws of the Province of Alberta, Canada and the laws of Canada therein (excluding its conflicts of law provisions), and the courts of Alberta will have non-exclusive jurisdiction over all matters arising hereunder. The parties attorn to the exclusive jurisdiction of the courts in Calgary, Alberta, Canada in respect of all matters arising out of or in connection with this Agreement.

15.10. Counterparts. This Agreement may be signed in one or more counterparts (including through electronic signatures), each of which shall be considered an original and all of which, taken together, shall constitute one and the same instrument.

15.11. Language. The parties have requested that this Agreement and all correspondence and all documentation relating to this Agreement be written in the English language. Les parties aux présentes ont exigé que la présente entente, de même que toute la correspondance et la documentation relative à cette entente, soient rédigées en langue anglaise.

SCHEDULE “A”
DATA SHARING AGREEMENT CONTROLLER TO PROCESSOR

1. Definitions and interpretation

For purposes of this Schedule, the following definitions will apply.

"Data" shall mean the Personal Data, including any Special Personal Data, provided by Customer to the Service Provider pursuant to this Agreement or which is otherwise Processed by the Service Provider on behalf of Customer pursuant to this Agreement;

"Controller" shall have the meaning given to it in the Regulation;

"Data Subject" shall have the meaning given to it in the Regulation;

"Processor" shall have the meaning given to it in the Regulation;

"Personal Data" shall have the meaning given to it in the Regulation;

"Processing" shall have the meaning given to it in the Regulation;

"Regulation" means the regulations on the protection of natural persons with regard to the processing of personal data and on the free movement of such data known as the General Data Protection Regulation ((EU) 2016/679);

"Service Provider" means ENFOCOM International Inc., whose registered office is at 3553 31 Street NW, Alistair Ross Technology Centre, Calgary, Alberta, Canada, T2L 2K7;

"Special Personal Data" shall mean the special categories of Personal Data as set out at Article 9(1) of the Regulation;

"Sub-Processor" means as set out at Clause 2.4.

2. Data Protection

2.1. The parties acknowledge that Customer is a Controller and the Service Provider is a Processor in relation to the Data. The parties also acknowledge that, in relation to certain Processing of the Data, the Service Provider may also be a Controller and the Service Provider agrees, in relation to Data for which it is a Controller, to comply with its obligations under the Regulation.

2.2. To the extent not stated elsewhere in this Agreement, Exhibit 1 set outs the following information in relation to the Data:

1. subject-matter of the Processing;
2. duration of Processing;
3. nature and purpose of the Processing;
4. type of Data;
5. categories of Data Subject; and
6. processing instructions.

2.3. The Service Provider shall:

1. Process the Data only on the documented instructions of Customer as set out in this Agreement and any changes agreed with Customer, to perform its obligations under this Agreement and ensure it takes steps to ensure that its personnel and those of its subcontractors only Process Data on instructions from Customer, unless required to do otherwise by applicable law. If the Service Provider is aware that or of the opinion that any instruction given by Customer breaches the Regulation or data protection law of any European Union Member State, the Service Provider shall inform Customer of this before processing, unless the law prohibits such information on important grounds of public interest;
2. ensure that its personnel who are authorised to Process Data are under obligations of confidentiality;
3. take the measures that are expressed to be obligations of the Processor in Article 32 of the Regulation in order to ensure the appropriate level of security for the Data;
4. taking into account the nature of the Processing, assist Customer with its obligations to comply with Data Subjects’ requests and Data Subjects’ rights under Chapter III of the Regulation through the use of appropriate technical and organisational measures;
5. taking into account the nature of processing and the information available to the Service Provider, assist Customer in ensuring compliance with Customer’s obligations in Articles 32-36 of the Regulation and in doing so shall (at no cost to Customer):
   1. promptly record and then refer all Data Subject Requests it receives to Customer within three days of receipt of the request;
   2. provide such information and cooperation and take such action as Customer reasonably requests in relation to each Data Subject Request, within the timescales reasonably required by Customer; and
   3. not respond to any Data Subject Request or Complaint without Customer’s prior written approval.
   4. provide such information, co-operation and other assistance to Customer as Customer reasonably requires (taking into account the nature of processing and the information available to the Service Provider) to ensure compliance with Customer’s obligations under Data Protection Laws, including with respect to:
      1. security of processing;
      2. data protection impact assessments (as such term is defined in Data Protection Laws);
      3. prior consultation with a Supervisory Authority regarding high risk processing; and
      4. any remedial action and/or notifications to be taken in response to any Personal Data Breach and/or Complaint, including (subject in each case to Customer’s prior written authorisation) regarding any notification of the Personal Data Breach to Supervisory Authorities and/or communication to any affected Data Subjects.
6. at the written election of Customer, either:
   1. securely destroy the Data (including all copies of it); or
   2. return the Data (including all copies of it) to Customer in the format required by Customer which retains the integrity of the Data at any time upon request by Customer or promptly upon termination or expiry of this Agreement, unless the law requires storage of the Data, without prejudice to the right of the Service Provider to keep such information that may be useful to defend any court action as long as the applicable limitation period is not over;
7. provide all information necessary to demonstrate the Service Provider’s compliance with this Clause 2 and allow Customer and its authorised representatives, upon reasonable prior written notice to the Service Provider, reasonable access during normal business hours to any relevant premises and documents to inspect the procedures and measures referred to in this Clause 2;
8. not Process or transfer Data outside of the European Economic Area (or any country deemed adequate by the European Commission pursuant to Directive 95/46/EC or the Regulation) without putting in place adequate protection for the Data pursuant to Article 46 of the Regulation;
9. at all times perform its obligations under this Agreement in such a manner as not to cause Customer in any way to be in breach of the Regulation; and
10. perform its obligations under this Agreement (and any other agreement relating to the provision of the Services) in full compliance with the Regulation and all applicable guidelines, statutory orders, supplementary laws and codes of practice issued by relevant regulators pursuant to or in connection with the Regulation, including as may be issued by the Office of the Information Commissioner in the UK, data protection regulators of other European Union Member States or as may be issued by the European Commission or the Board (and “Board” shall have the meaning given at Article 68 the Regulation).

Exhibit 1
Data processing details
Subject-matter of processing:

cyber security monitoring of the Customer’s networks and systems.

Duration of the processing:

until expiry/termination of the Agreement, payment of all sums owed under the Agreement, settlement of all disputes under the Agreement and lapsing of any applicable limitation period; more specifically, while most Data will be erased upon the expiry/termination of the Agreement, the Data contained in the following media may be stored until the latest of the above:

1. reports issued by the Service Provider under the Agreement;
2. logins and diagnostics monitored under the Agreement.

Nature and purpose of the processing:

monitoring the Customer’s networks and systems for cyber security threats, vulnerabilities, and other information that could be used to compromise, degrade or otherwise negatively affect the Customer’s equipment, data and operations.

Type of Personal Data:

any Personal Data (identity, contact details, economic information, etc.) contained in the Customer’s networks and systems which is provided, transmitted, displayed or made available by or through the Service Provider’s managed cyber security monitoring service by Customer or Customer’s authorized users and which is necessary to perform the cyber security monitoring service; this may include Special Personal Data.

Categories of Data Subjects:

any individual (whether clients, employees, suppliers or others) whose Data is on Customer’s networks and systems.

Processing Instructions:

the Service Provider shall perform the services set out in the Agreement involving, a combination of network and endpoint sensor technology, processed by automated systems and augmented with human analysis as necessary.