CROSSLEAD SAAS AGREEMENT LAST UPDATED: FEBRUARY 20TH, 2019 This SAAS AGREEMENT (the “Agreement”) forms a contract between the client signing an Order Form or Statement of Work (“Company”) and CrossLead, Inc. (“CrossLead”) (each sometimes referred to as a “Party” and collectively, the “Parties”), and governs the relationship between the Parties with respect to the SaaS Services and Consulting Services offered by CrossLead. By signing an Order Form or Statement of Work, and/or accessing or using CrossLead Platform, the Company agrees to be bound by the terms of this Agreement. COMPANY SHOULD NOT ACCESS AND/OR USE CROSSLEAD PLATFORM IF COMPANY DOES NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT.

1. MODIFICATIONS TO THIS AGREEMENT. 

1.1 CrossLead reserves the right to revise this Agreement from time to time. CrossLead will date and post the most current version of this Agreement on the CrossLead website located at www.crosslead.com (the “Site”). Any changes will be effective upon posting the revised version of the Agreement (or such later effective date as may be indicated at the top of the revised Agreement). Company’s continued access or use of any portion of the SaaS Services constitutes Company’s acceptance of such changes. If Company does not agree to any of the changes, Company must cease use of the SaaS Services and contact CrossLead immediately at legal@crosslead.com.

2. ACCESS AND USE 

2.1 Orders. The Company will be able to order access to one or more CrossLead Modules of the software collectively known as “CrossLead Platform” through the website located at https://platform.crosslead.com (“CrossLead Platform”), (as set forth in an Order Form, the “SaaS Services”). The specific CrossLead Modules that will be made available to Company will be set forth in one or more Order Forms executed by the Parties from time to time during the Term. The Parties shall negotiate and sign each Order Form separately. Each Order Form shall set out a description of the applicable CrossLead Module to be provided by CrossLead and the costs associated with such CrossLead Module. Each Order Form shall be incorporated in this Agreement by reference. 2.2 Provision of Access. Subject to the terms and conditions contained in this Agreement, CrossLead hereby grants to Company and its Authorized Users a non-exclusive, non-transferable right to access the features and functions of the applicable CrossLead Module set forth in the applicable Order Form during the Term set forth on the Order Form for the number of Authorized Users set forth on the Order Form up to the Service Limits. Unless otherwise set forth in an Order Form, each Authorized User will have access to a maximum of three (3) gigabytes (“GB”). In the event an Authorized User exceeds the maximum GB allowed under this Agreement or an Order Form if different, the Company will have seven (7) days to reduce the amount of storage to the applicable limits, or Company will be charged $.05 per GB per month in excess of the applicable limits. On or as soon as reasonably practicable after the Effective Date, CrossLead shall provide to Company the necessary passwords, security protocols and policies and network links or connections and Access Protocols to allow Company and its Authorized Users to access the CrossLead Module. Company and any Authorized User may only use the CrossLead Module in accordance with the Access Protocols. 2.3 Usage Restrictions. Company will not (a) decompile, disassemble, reverse engineer or otherwise attempt to obtain or perceive the source code from which any software component of the CrossLead Modules is compiled or interpreted, and Company acknowledges that nothing in this Agreement will be construed to grant Company any right to obtain or use such code; or (b) allow third parties other than Authorized Users to gain access to the CrossLead Modules. Company will ensure that its use of the CrossLead Modules complies with all applicable laws, statutes, regulations or rules. 2.4 Retained Rights; Ownership.  (a) Ownership and Use of Company Data. Company retains all right, title and interest in and to the Company Data, and CrossLead acknowledges that it neither owns nor acquires any additional rights in and to the Company Data not expressly granted by this Agreement. CrossLead further acknowledges that Company retains the right to use the Company Data for any purpose in Company’s sole discretion. Subject to the foregoing, Company hereby grants to CrossLead a non-exclusive, non-transferable right and license to use the Company Data during the Term for the limited purposes of performing CrossLead’s obligations under this Agreement. Company further grants CrossLead the right to create anonymous profiles and derivative insights based on the Company Data (the “Insights”) that it may use as part of the CrossLead Modules for Company and other customers of CrossLead; provided, however, that such Insights do not disclose any Company Confidential Information or otherwise disclose the identity of Company. (b) Ownership of CrossLead Module. Subject to the rights granted in this Agreement, CrossLead retains all right, title and interest in and to the CrossLead Modules and the Insights, and Company acknowledges that it neither owns nor acquires any additional rights in and to the foregoing not expressly granted by this Agreement or any licenses to the software used to provide the CrossLead Modules. Company further acknowledges that CrossLead retains the right to use the foregoing for any purpose in CrossLead’s sole discretion. (c) Feedback. Company may provide CrossLead with feedback, comments and recommendations regarding the functionality and performance of the CrossLead SaaS Services, including, without limitation, identifying potential errors and improvements (collectively, the “Feedback”). CrossLead (and its partners and suppliers) shall have the unrestricted right to use the Feedback provided by Company to CrossLead in connection with the CrossLead SaaS Services or this Agreement at its sole discretion, including to improve or enhance the CrossLead SaaS Services and other CrossLead (or its partners’ and suppliers’) products, and, accordingly, CrossLead (and its partners and suppliers) shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify, and otherwise exploit such Feedback without restriction. 2.5 Support and Consulting.  (a) Support. Subject to the terms and conditions of this Agreement, CrossLead shall exercise commercially reasonable efforts to provide Technical Assistance for the use of the CrossLead Module to Eligible Support Recipients during CrossLead’s ordinary and customary business hours in accordance with its standard policies and procedures. (b) Eligible Support Recipients. CrossLead shall have no obligation to provide Technical Assistance, by any means, to any entity or individual other than Eligible Support Recipients. Company can designate up to two (2) persons, which designees shall be eligible to receive Technical Assistance from CrossLead (“Eligible Support Recipients”). Such designees may be changed at any time by written notice. (c) Access. As a condition of CrossLead’s obligations under Section 2.5(a), Company shall provide such information and/or access to Company resources as CrossLead may reasonably require in order to provide Technical Assistance under this Agreement. CrossLead shall be excused from any non-performance of its obligations hereunder to the extent any such non-performance is attributable to Company’s failure to perform its obligations under this Section 2.5(c). (d) Means of Access to Technical Assistance. Eligible Support Recipients shall be permitted to request Technical Assistance (i) by telephoning CrossLead at such telephone number as CrossLead may specify for such purposes from time to time; or (ii) by directing electronic mail requests therefore to CrossLead at the electronic mail address as CrossLead may specify for such purposes from time to time. (e) Consulting. Company will be able to order certain consulting services related to Company’s use of the CrossLead Modules pursuant to a written statement of work executed by the Parties (each, a “Statement of Work” and such services, the “Consulting Services”). Such Statement of Work shall set out a description of the applicable Consulting Services to be provided by CrossLead and the costs associated with such services, as well as any additional terms that will govern the Consulting Services. Any such additional terms shall apply only to the Consulting Services and shall not affect the terms of this Agreement, or any terms governing Company’s use of the CrossLead Modules. Each Statement of Work shall be attached to this Agreement and incorporated in this Agreement by reference.

3. COMPANY RESPONSIBILITIES. 

3.1 Authorized Users Access to CrossLead Modules. Company may permit any Authorized Users to access and use the features and functions of the CrossLead Modules as contemplated by this Agreement. Company will be responsible for all actions or omissions of its Authorized Users. Authorized User IDs cannot be shared or used by more than one Authorized User at a time. Company shall use commercially reasonable efforts to prevent unauthorized access to, or use of, the CrossLead Modules, and notify CrossLead promptly of any such unauthorized use known to Company. Company acknowledges and agrees that it may need certain networking capabilities, bandwidth and hardware to use the CrossLead Modules. Company is solely responsible for all hardware, software and bandwidth required to reach the CrossLead systems to gain access to the CrossLead Modules. 3.2 Company Responsibility for Data and Security. Company and its Authorized Users shall have access to the Company Data and shall be responsible for all changes to and/or deletions of Company Data and the security of all passwords and other Access Protocols required in order to access the CrossLead Module. Company shall have the ability to export Company Data out of the CrossLead Module and is encouraged to make its own back-ups of the Company Data. Company shall have the sole responsibility for the accuracy, quality, integrity, legality, reliability, and appropriateness of all Company Data. Company acknowledges and agrees that, except as otherwise agreed between the Parties to this Agreement or in a separate written agreement, CrossLead will have no obligation to back-up Company Data, nor will CrossLead have any liability for any loss or corruption of Company Data, nor will CrossLead have any obligation under this Agreement to retain any Company Data after the expiration or termination of the Term. 3.3 Service Rules and Guidelines. Company and all Authorized Users shall use the CrossLead Module solely for its internal purposes as contemplated by this Agreement and shall not use the SaaS Service to: (a) transmit material containing software viruses or other harmful or deleterious computer code, files, scripts, agents, or programs; (b) interfere with or disrupt the integrity or performance of the CrossLead Module or the data contained therein; (c) attempt to gain unauthorized access to the CrossLead Module computer systems or networks related to the CrossLead Modules; or (d) interfere with another user’s use and enjoyment of the CrossLead Modules. 3.4 Collection of Company Data. Company shall be responsible for obtaining any and all consents necessary to allow for the collection of Company Data under this Agreement and the processing of the Company Data by CrossLead. Company hereby represents and warrants that the collection and transmission of the Company Data to CrossLead as contemplated by this Agreement as well as the processing of such Company Data in conformance with the terms of this Agreement complies in all respects with all applicable laws, rules and regulations that apply to the Company and its employees.

4. FEES AND EXPENSES; PAYMENTS. 

4.1 Fees. Company will pay to CrossLead, without offset or deduction, all fees required by a particular Order Form and/or Statement of Work (collectively, the “Fees”). In addition, Company shall reimburse CrossLead for all reasonable costs and expenses (including travel, lodging and out-of-pocket expenses) incurred in connection with the performance or provision of the services (“Expenses”). All Fees will be billed and paid in U.S. dollars. CrossLead shall submit a written invoice to Company for Fees, Expenses and any applicable taxes permitted under Section 4.3 to be paid by Company hereunder. Except as may be otherwise set forth in the applicable Order Form and/or Statement of Work, Company shall pay CrossLead within thirty (30) days of the date of receipt of the invoice via electronic transfer to the bank account specified by CrossLead. Invoices submitted by CrossLead in the form of electronic mail shall be deemed received by Company on the date of the electronic mail. 4.2 Price Escalations. The prices set forth in each Order Form for the provision of the CrossLead Module(s) under this Agreement will be adjusted upon each anniversary of the Effective Date to the list price in effect at the time of the renewal; but, in no event, will the annual fee charged to Company increase by more than seven percent (7%) over the cost for the then-existing Term. 4.3 Taxes. Fees invoiced hereunder do not and will not include any taxes levied by or due to any duly authorized taxing authority. Company will pay all applicable taxes and other government charges, if any, however designated, derived from or imposed on the transactions contemplated hereby, including sales, value-added, use, transfer, withholding, privilege, excise and other taxes and duties, except for taxes based on CrossLead’s income. 4.4 Disputed Fees. In the event that Company reasonably and in good faith disputes any invoice, Company shall notify CrossLead in writing within five (5) business days of the date of receipt of the applicable invoice. Company shall pay reasonable expenses and outside attorneys’ fees that CrossLead incurs in collecting late payments that are not disputed in good faith. Late payments that are not disputed in good faith bear interest at the rate of 1.5% per month (or the highest rate permitted by law, if less). If Company fails to pay any amounts invoiced by CrossLead (other than amounts disputed in good faith) by the applicable payment due date, CrossLead shall have the right, in its discretion, to suspend access to the CrossLead Module(s) and any Technical Assistance on notice to Company until such time that payment is received.

5. REPRESENTATIONS AND WARRANTIES. 

5.1 Reciprocal Representations and Warranties. Each Party hereby represents and warrants that it is duly authorized to enter into this Agreement and to make the commitments and grant the rights set forth in this Agreement. 5.2 Representations of CrossLead. CrossLead represents and warrants that it will provide the CrossLead Module(s) and perform its other obligations under this Agreement in a professional and workmanlike manner substantially consistent with general industry standards. CrossLead further warrants, for the benefit of Company only, that the CrossLead Module will conform in all material respects to the standard user documentation for such CrossLead Module provided to Company by CrossLead (the “Documentation”) for a period of thirty (30) days after CrossLead first makes the CrossLead Module available to Company, provided that such warranty will not apply to failures to conform to the Documentation to the extent such failures arise, in whole or in part, from (i) any use of the CrossLead Module other than in accordance with the Documentation, or (ii) any combination of the CrossLead Module with software, hardware or other technology not provided by CrossLead under this Agreement.

6. DISCLAIMERS, EXCLUSIONS AND LIMITATIONS OF LIABILITY. 

6.1 Internet Delays. CROSSLEAD’S SERVICES MAY BE SUBJECT TO LIMITATIONS, DELAYS, AND OTHER PROBLEMS INHERENT IN THE USE OF THE INTERNET AND ELECTRONIC COMMUNICATIONS. CROSSLEAD IS NOT RESPONSIBLE FOR ANY DELAYS, DELIVERY FAILURES, OR OTHER DAMAGE RESULTING FROM SUCH PROBLEMS. 6.2 Disclaimer. EXCEPT AS EXPRESSLY REPRESENTED OR WARRANTED IN SECTION 5, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE CROSSLEAD MODULES, THE DOCUMENTATION, AND ALL SERVICES PERFORMED BY CROSSLEAD ARE PROVIDED “AS IS,” AND CROSSLEAD DISCLAIMS ANY AND ALL OTHER PROMISES, REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SYSTEM INTEGRATION AND/OR DATA ACCURACY. CROSSLEAD DOES NOT WARRANT THAT THE CROSSLEAD MODULES OR ANY OTHER SERVICES PROVIDED BY CROSSLEAD WILL MEET COMPANY’S REQUIREMENTS OR THAT THE OPERATION OF THE CROSSLEAD MODULES WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ALL ERRORS WILL BE CORRECTED. 6.3 Limitation of Liability. EXCEPT FOR LIABILITY RESULTING FROM BREACH OF SECTION 8 (CONFIDENTIALITY) OR OBLIGATIONS ARISING UNDER SECTION 7 (INDEMNIFICATION), AND NOTWITHSTANDING ANYTHING IN THIS AGREEMENT (INCLUDING ANY ORDER FORM AND/OR STATEMENT OF WORK) TO THE CONTRARY, (I) IN NO EVENT SHALL EITHER PARTY BE LIABLE TO THE OTHER FOR CONSEQUENTIAL, SPECIAL, INDIRECT, INCIDENTAL, OR PUNITIVE DAMAGES OR LOSS OF PROFITS OR REVENUES ARISING OUT OF THE PERFORMANCE OF THIS AGREEMENT, AND, (II) AS BETWEEN THE PARTIES, NEITHER PARTY’S LIABILITY IN CONNECTION WITH THIS AGREEMENT SHALL EXCEED THE AGGREGATE AMOUNT PAID BY COMPANY UNDER THE APPLICABLE ORDER FORM OR STATEMENT OF WORK FOR THE SERVICES GIVING RISE TO THE LIABILITY.

7. INDEMNIFICATION. 

7.1 Reciprocal Indemnification by Parties. Each Party shall indemnify, hold harmless and, unless otherwise directed by the other Party, defend, the other Party and its affiliates, directors, officers, employees and agents (collectively, the “Indemnified Party”) from and against any and all third-party suits, actions, claims and resulting liabilities, losses, damages, judgments, payments, penalties, fines, fees, costs and expenses (including reasonable attorneys’ fees) awarded to the third party (collectively, “Liabilities”) arising from any third-party claim relating to or based on the gross negligence or intentional misconduct of the indemnifying Party, its affiliates, officers, directors, employees and agents in connection with this Agreement, provided that the indemnifying Party shall not be responsible for Liabilities resulting from the gross negligence or intentional misconduct of the Indemnified Party, and the Indemnified Party promptly notifies the indemnifying Party in writing of the claim, cooperates with the indemnifying Party, and allows the indemnifying Party sole authority to control the defense and settlement of such claim. 7.2 Indemnification by CrossLead. CrossLead agrees to indemnify, defend and hold harmless Company from and against any and all losses, liabilities, costs (including reasonable attorneys’ fees) or damages resulting from any claim by any third party that a CrossLead Module and/or the Documentation infringes such third party’s U.S. patents issued as of the Effective Date, or infringes or misappropriates, as applicable, such third party’s copyrights or trade secret rights under applicable laws of any jurisdiction within the United States of America, provided that Company promptly notifies CrossLead in writing of the claim, cooperates with CrossLead, and allows CrossLead sole authority to control the defense and settlement of such claim. If such a claim is made or appears possible, Company agrees to permit CrossLead, at CrossLead’s sole discretion, to enable it to continue to use the CrossLead Module or the Documentation, as applicable, or to modify or replace any such infringing material to make it non-infringing. If CrossLead determines that none of these alternatives is reasonably available, Company shall, upon written request from CrossLead, cease use of, and, if applicable, return, such materials as are the subject of the infringement claim. This Section 7 shall not apply if the alleged infringement arises, in whole or in part, from (i) modification of the CrossLead Module or the Documentation by Company, or (ii) combination, operation or use of the CrossLead Module with other software, hardware or technology not provided by CrossLead, or (iii) related to the Company Data.

8. CONFIDENTIALITY. 

8.1 Treatment of Confidential Information. Each Party hereby acknowledges that during the performance of this Agreement it may learn, receive or otherwise have access to Confidential Information (as defined herein) of the other Party. Each Party shall exercise the same degree of care to keep confidential any Confidential Information of the other Party as such Party exercises to keep confidential such Party’s own information of like nature, but in no event less than a reasonable standard of care, and each Party and its affiliates and its and their respective employees, independent contractors, representatives and other agents shall not disclose, use, publish or otherwise reveal, directly or indirectly through any third party, any Confidential Information of the other Party to any third party or to any of such Party’s employees or agents that do not have a need to know such Confidential Information for the purpose of exercising such Party’s rights or performing such Party’s obligations under this Agreement. 8.2 Definition of Confidential Information. “Confidential Information” means any confidential or proprietary information or data of a Party or its affiliates (or its or their customers or licensees or third-party contractors), whether oral or in writing, that are designated as confidential or would reasonably be understood to be confidential and proprietary, including technical, marketing, sales, operating, performance, cost, know-how, research and development, business and process information, computer programming techniques, protected health information, nonpublic personal financial information, personal data, and all record-bearing media containing or disclosing such information or techniques. 8.3 Exceptions to Confidential Information. Confidential Information shall not include information that (a) is now generally known or available or which, hereafter through no act or failure to act on the part of the receiving Party, becomes generally known or available; (b) is rightfully known to the receiving Party on a non-confidential basis at the time of receiving such information; (c) is furnished to the receiving Party by a third party without restriction on disclosure and without the receiving Party having actual notice or reason to know that the third party lacks authority to so furnish the information; or (d) is independently developed by the receiving Party without reference to the Confidential Information of the other Party. A receiving Party may disclose any Confidential Information that is required to be disclosed by operation of law or by an instrumentality of the government, including any court, tribunal or administrative agency; provided that, to the extent permitted under applicable law, the receiving Party shall notify the other Party prior to such disclosure (and if reasonably requested by the other Party and at the other Party’s cost) shall assist the Party in seeking to obtain a protective order or to otherwise minimize the extent of such disclosure. 8.4 Use of Name. Each Party grants the other Party the limited right to use its name and logo to identify it as a customer or service provider, as applicable. Neither Party shall make any other use of the other Party’s name, or disclose the terms of this Agreement, without the other Party’s written consent. 8.5  Satisfaction Surveys. From time to time, CrossLead may ask Company’s Authorized Users or employees previously chosen by Company to take part in CrossLead services and/or events to provide feedback regarding their level of satisfaction with the CrossLead SaaS Services and/or Consulting Services via emails and/or electronic surveys. Company hereby grants CrossLead the right to send such emails and surveys provided that CrossLead does not disclose Company’s employees as participants in the surveys without Company’s written consent.

9. TERM AND TERMINATION. 

9.1 Term. This Agreement will remain in full force and effect while Company is authorized to use the CrossLead Platform. 9.2 Termination for Breach. Either Party may, at its option, terminate this Agreement, or as applicable, an individual Order Form or Statement of Work, in the event of a material breach by the other Party. Such termination may be effected only through a written notice to the breaching Party, specifically identifying the breach or breaches on which such notice of termination is based. The breaching Party will have a right to cure such breach or breaches within thirty (30) days of receipt of such notice, and this Agreement, or the applicable Order Form or Statement of Work will terminate in the event that such cure is not made within such thirty (30)-day period. 9.3 Termination for Convenience. Company may terminate any Order Form or Statement of Work at any time, for any reason or no reason upon thirty (30) days’ written notice to CrossLead. 9.4 Termination upon Bankruptcy or Insolvency. Either Party may, at its option, terminate any Order Form or Statement of Work immediately upon written notice to the other Party, in the event (a) that the other Party becomes insolvent or unable to pay its debts when due; (b) the other Party files a petition in bankruptcy, reorganization or similar proceeding, or, if filed against, such petition is not removed within ninety (90) days after such filing; (c) the other Party discontinues its business; or (d) a receiver is appointed or there is an assignment for the benefit of such other Party’s creditors. 9.5 Effect of Termination. Upon any termination of any Order Form or Statement of Work, Company will (a) immediately discontinue all use of the CrossLead Modules and any CrossLead Confidential Information; and (b) promptly pay to CrossLead all amounts due and payable under this Agreement, including all Expenses incurred by CrossLead prior to the effective date of termination that have been committed or incurred in accordance with the terms of this Agreement or the applicable Order Form and/or Statement of Work. 9.6 Survival. The provisions of Sections 2.4, 3.4, 6, 7, 8, 9.5, 9.6, and 11 will survive the termination of this Agreement. 9.7 Suspension of Service. If Company fails to pay undisputed amounts in accordance with the terms and conditions hereof and the Order Form and/or Statement of Work, CrossLead shall have the right, in addition to any of its other rights or remedies, to suspend the SaaS Service or Consulting Service, without liability to Company until such amounts are paid in full.

10. DEFINITIONS.Certain capitalized terms, not defined above, have the meanings set forth below.

10.1 “Access Protocols” will mean the passwords, access codes, technical specifications, connectivity standards or protocols, or other relevant procedures, as may be necessary to allow Company or any Authorized Users to access the CrossLead Module. 10.2 “Authorized User” will mean any individual who is an employee of Company, authorized, by virtue of such individual’s relationship to, or permissions from, Company, to access the CrossLead Module pursuant to Company’s rights under this Agreement. 10.3 “Company Data” will mean the data, media and content provided by Company through the CrossLead Modules or as part of any configuration or implementation services, including, but not limited to, calendar data, Company survey data and recordings or Company employee interviews. 10.4 “CrossLead Module” shall mean features and functions of a specific module of CrossLead Platform ordered by Company through an Order Form and provided by CrossLead by means of access to the CrossLead websites, solely to the extent set forth and further described in, and as limited by, the Order Forms executed by the Parties. 10.5 “Order Form” shall mean a document signed by both Parties identifying a given type of CrossLead Module to be made available by CrossLead pursuant to this Agreement. Each Order Form shall be agreed upon by the Parties as set forth in Section 2.1. 10.6 “Service Limit” shall mean CrossLead’s standard service limitations related to particular CrossLead Module(s) as set forth in CrossLead’s standard policies provided to Company from-time-to-time or as otherwise identified in an Order Form. For example, there are Service Limits on records, storage of Company Data, etc. 10.7 “Technical Assistance” shall mean the provision of responses by CrossLead personnel to questions from Eligible Support Recipients related to use of the CrossLead Module, including basic instruction or tutorial assistance regarding the features and functions of the CrossLead Module.

11. GENERAL. 

11.1 Non-Competition. Notwithstanding anything in this Agreement to the contrary, (a) in no event shall CrossLead be restricted from providing services that are competitive with, or similar to, the services, for any third party; and (b) for the avoidance of doubt, CrossLead shall be free to use the general knowledge, skills and experience of its personnel, and any ideas, concepts, know-how, and techniques and other intellectual property rights that are acquired or used pursuant to this Agreement; in each case provided that CrossLead does not use any Confidential Information of the Company in breach of the terms of this Agreement. 11.2 Assignment. Neither Party may assign or otherwise transfer this Agreement or any of its rights and obligations hereunder without the prior written consent of the other Party; provided, however, that either Party may assign or otherwise transfer this Agreement, upon notice to the other Party but without the other Party’s consent, (i) to an affiliate, or (ii) to an entity that purchases all or substantially all of such Party’s business or assets to which this Agreement relates; further provided that the assignee or transferee is capable of fulfilling the obligations of the assigning or transferring Party under this Agreement. Any purported assignment or transfer in contravention of this Section 11.2 shall be null and void. 11.3 Contractor Relationship. CrossLead and its employees and agents shall perform the services under this Agreement as independent contractors. Nothing in this Agreement is intended or shall be construed to create a partnership, joint venture, or employer-employee relationship between Company and CrossLead or any of its employees or agents. 11.4 Subcontractor. CrossLead may perform all or any part of the services using one or more consultants or subcontractors, provided that CrossLead shall remain responsible for the performance of the services in accordance with the terms of this Agreement. 11.5 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware without giving effect to the principles of conflict of law. 11.6 Severability. If any provision in this Agreement is found by a court of competent jurisdiction to be invalid or unenforceable to any extent, such finding shall not affect the other provisions of this Agreement and the invalid or unenforceable provision shall be deemed modified so that it is valid and enforceable to the maximum extent permitted by applicable law. 11.7 Complete Agreement. This Agreement, together with all Order Forms and Statements of Work attached hereto, represents the entire agreement between Company and CrossLead with respect to matters covered herein and supersedes all previous representations, proposals, or agreements, whether written or oral. To the extent there is a conflict between this Agreement and any Order Form or Statement of Work, the terms of this Agreement shall control unless the Order Form or Statement of Work expressly states the Parties’ intent to modify the terms of this Agreement with respect to that Order Form or Statement of Work. 11.8 U.S. Government End-Users. The software components that constitute the CrossLead Module are “commercial items” as that term is defined at 48 C.F.R. 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, all U.S. Government end users acquire the CrossLead Module and the Documentation with only those rights set forth therein. 11.9 Force Majeure. Except with respect to Company’s payment obligations and each Party’s obligations under Section 8 (Confidentiality), neither Party shall be liable for failure to perform obligations under this Agreement if the failure results from an act of God, the act of a national, federal, state or local government authority, fire, explosion, accident, industrial dispute, or any other catastrophic or other similar event beyond such Party’s reasonable control (collectively, “Force Majeure”). If CrossLead is affected by an event of Force Majeure, upon giving prompt notice to Company, CrossLead shall be excused from performance hereunder on a day to day basis to the extent of the prevention, restriction or interference resulting from such Force Majeure. 11.10 Conflict Resolution. Except where injunctive relief is sought for breach of Section 2.4 (Ownership) or Section 8 (Confidentiality) or in order to comply with deadlines under applicable law, neither Party shall commence a legal action or proceedings with respect to any dispute, controversy, or claim arising out of or relating to this Agreement (including any Order Form or Statement of Work) unless and until, after applicable notice and opportunity to cure, senior executives for both Parties have met and discussed the matter in order to consider informal and amicable means of resolution and either such meeting failed to occur within fifteen (15) business days after receipt of written request therefor or the meeting did not produce a mutually satisfactory resolution of the matter. 11.11 Injunctive Relief. If either Party seeks injunctive relief for breach of Section 2.4 (Ownership) or Section 8 (Confidentiality), such Party may seek temporary and/or permanent injunctive relief without the necessity of proving actual damages or posting a bond. 11.12 Notices. Any notice required to be given by either Party under this Agreement shall be in writing and either (a) sent to the mailing address of the other Party as set forth on the applicable Order Form or Statement of Work (or such other address as such Party may specify in a notice to the other Party pursuant to this Section 11.12), or (b) sent by electronic mail to the electronic mail address associated with the Company’s license if to Company, or to legal@crosslead.com if to CrossLead. If delivered to a mailing address, such notice shall be deemed to have been given upon (i) actual receipt, (ii) the expiration of the fifth business day after being deposited in the United States mails, postage prepaid, or (iii) the next business day following deposit with an internationally recognized overnight delivery service (e.g., Federal Express). If delivered by electronic mail, any such notice shall be considered to have been given on the delivery date and at the time reflected by the time stamp. 11.13 No Waiver. No waiver or modification of any right or remedy under this Agreement or of any provision hereof shall be effective unless it is stated in writing and signed by the Parties and no effective waiver of any right, remedy or provision of this Agreement shall be deemed a waiver of any other, whether of a like or different character. 11.14 Interpretation. Captions included in this Agreement are for convenience only and are not to be used for purposes of interpretation of this Agreement. The Parties agree that this Agreement shall be fairly interpreted in accordance with its terms without any strict construction in favor of or against either Party, and that ambiguities shall not be interpreted against the drafting Party. The words “including” and “includes” when used herein, shall be deemed in each case to be followed by the words “without limitation”; and the words “hereof,” “herein,” and “hereunder” and words of similar import when used in this Agreement shall refer to this Agreement as a whole and not to any particular provision of this Agreement. Whenever the context may require, the singular form of nouns and pronouns shall include the plural, and vice versa. Annex 1  Subject Matter and Details of the Data Processing  Subject Matter – CrossLead’s provision of the Services to Company. Duration of the Processing – From commencement of the Term until deletion of all Personal Data by CrossLead in accordance with the Agreement. Nature and Purpose of the Processing – CrossLead will process Personal Data for the purposes of providing the Services to Company in accordance with the Agreement. Categories of Personal Data – Personal Data relating to the data subjects provided to CrossLead in connection with the Services, by Company as described in more detail in the Agreement. Data Subjects – Data subjects include the users about whom CrossLead Processes data in connection with the Services as described in more detail in the Agreement. Annex 2  Security Measures As from the Addendum Effective Date, CrossLead will implement and maintain the Security Measures set out in this Annex 2.

1. Organizational management and dedicated staff responsible for the development, implementation and maintenance of CrossLead’s information security program.
2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to CrossLead’s organisation, monitoring and maintaining compliance with CrossLead’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
3. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, restricted access and monitoring, and utilization of commercially available and industry standard encryption technologies for Personal Data that is:
4. transmitted over public networks (i.e. the Internet) or when transmitted wirelessly; or
5. at rest or stored on portable or removable media (i.e. laptop computers, CD/DVD, USB drives, back-up tapes).
6. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g. granting access on a need-to-know basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access when employment terminates or changes in job functions occur).
7. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that CrossLead passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on CrossLead’s computer systems; (iii) must be changed every four (4) months; and must have defined complexity.
8. Physical and environmental security of data center, server room facilities and other areas containing Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of CrossLead facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
9. Change management procedures and tracking mechanisms designed to test, approve and monitor all changes to CrossLead’s technology and information assets.
10. Incident / problem management procedures design to allow CrossLead to investigate, respond to, mitigate and notify of events related to CrossLead’s technology and information assets.
11. Network security controls that provide for the use of enterprise firewalls, and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
12. Vulnerability assessment and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
13. Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.

CrossLead may update or modify such Security Measures from time to time provided that such updates and modifications do not materially decrease the overall security of the Services. Annex 3 Model Contract Clauses STANDARD CONTRACTUAL CLAUSES (PROCESSORS)  For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. Name of the data exporting organization: The legal entity defined as data exporter in the Data Protection Addendum entered into between the parties. (the data exporter) And Name of the data importing organization: CrossLead, Inc. Address: 1445 New York Avenue, NW, First Floor, Washington, DC 20005 (the data importer) each a “party”; together “the parties”. HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.

1. Definitions 

For the purposes of the Clauses: ‘personal data‘, ‘special categories of data‘, ‘process/processing‘, ‘controller‘, ‘processor‘, ‘data subject‘ and ‘supervisory authority‘ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; ‘the data exporter‘ means the controller who transfers the personal data; ‘the data importer‘ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; ‘the subprocessor‘ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract; ‘the applicable data protection law‘ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; ‘technical and organizational security measures‘ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

2. Details of the transfer 

The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.

3. Third-party beneficiary clause 

3.1 The data subject can enforce against the data exporter this Clause, Clauses 4(b) to (i), Clauses 5(a) to (e), and (g) to (j), Clauses 6.1 and 6.2, Clause 7, Clause 8.2, and Clauses 9 to 12 as third-party beneficiary. 3.2 The data subject can enforce against the data importer this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. 3.3 The data subject can enforce against the subprocessor this Clause, Clauses 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8.2, and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 3.4 The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

4. Obligations of the data exporter 

The data exporter agrees and warrants: (a) that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; (b) that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses; (c) that the data importer will provide sufficient guarantees in respect of the technical and organizational security measures specified in Appendix 2; (d) that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; (e) that it will ensure compliance with the security measures; (f) that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; (g) to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; (h) to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; (i) that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and (j) that it will ensure compliance with Clauses 4(a) to (i).

5. Obligations of the data importer 

The data importer agrees and warrants: (a) to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; (b) that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; (c) that it has implemented the technical and organizational security measures specified in Appendix 2 before processing the personal data transferred; (d) that it will promptly notify the data exporter about: (i) any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, (ii) any accidental or unauthorized access, and (iii) any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so; (e) to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; (f) at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; (g) to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; (h) that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent; (i) that the processing services by the subprocessor will be carried out in accordance with Clause 11; (j) to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.

6. Liability 

6.1 The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered. 6.2 If a data subject is not able to bring a claim for compensation in accordance with Clause 6.1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. 6.3 The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities. 6.4 If a data subject is not able to bring a claim against the data exporter or the data importer referred to in Clauses 6.1 and 6.2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses.

7. Mediation and jurisdiction 

7.1 The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject: (a) to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority; (b) to refer the dispute to the courts in the Member State in which the data exporter is established. 7.2 The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

8. Cooperation with supervisory authorities 

8.1 The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law. 8.2 The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law. 8.3 The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer or any subprocessor, pursuant to Clause 8.2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5(b).

9. Governing Law 

The Clauses shall be governed by the law of the Member State in which the data exporter is established.

10. Variation of the contract 

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

11. Subprocessing 

11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfill its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement. 11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in Clause 6.1 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in Clause 11.1 shall be governed by the law of the Member State in which the data exporter is established. 11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.

12. Obligation after the termination of personal data processing services 

12.1 The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore. 12.2 The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in Clause 12.1. Appendix 1 to the Standard Contractual Clauses Annex 1 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference. Appendix 2 to the Standard Contractual Clauses  Annex 2 of the Data Protection Addendum to which these Standard Contractual Clauses are attached is hereby incorporated by reference.