The URL can be used to link to this page

Home My WebLink AboutCAG2022-173 - Original - Bynder LLC - Digital Asset Manager - 05/09/2022FOR CITY OF KENT OFFICIAL USE ONLY Sup/Mgr: Agreement Routing Form Dir Asst: • For Approvals, Signatures and Records Management Dir/Dep: KENT This form combines & replaces the Request for Mayor's Signature and Contract Cover Sheet forms. W A S H I N G T O N (Print on pink or cherry colored paper) LS/TD IMC (Optional) Originator: Department: Daniel Blincoe IT Date Sent: Date Required: c 05/02/2022 05/05/2022 Authorized to Sign: Date of Council Approval: Q QDirector or Designee �✓ Mayor Budqet Account Number: Grant?Yes �✓ No T20223 Budget? El Yes 0No Type: N/A Vendor Name: Category: Bynder LLC Contract Vendor Number: Sub -Category: 2481842 Original 0 Project Name: Digital Asset Manager E �O This original Agreement is for a Cloud solution to manage Multimedia's digital assets with an initial Project Details:2-year term. This does but be for agreement not renew automatically can renewed an additional — term via a contract amendment. C AgreementAmoun 92,446.52 Basis for Selection of Contractor: Direct Negotiation *Memo be W W to Mayor must attached _d_ Start Date: 05/09/2022 Termination Date: 05/08/2024 Q Local Business?�YesrNo* If meets requirements per Exceptions"formonCityspace. Business License Verification:1-1 Yes Elln-Process Exempt (KCC 5.01.045) Notice required prior to disclosure? Contract Number: ❑✓ Yes❑No CAG2022-173 Comments: 3 �cc 41 N •> i Date Received by City Attorney: 5/2/22 C C1 Date Routed to the Mayor's Office: v1 Date Routed to the City Clerk's Office: 5/3/2022 adccW22373_1_20 Visit Documents.KentWA.gov to obtain copies of all agreements rev. 200821 Agreement City of Kent CO bynder Confidential DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential Executive Summary About Bynder Bynder is the fastest way to professionally manage digital files. Its award -winning digital asset management (DAM) platform offers marketers a smart way to find and share creative files such as graphics, videos and documents. Thousands of brand managers, marketers and creatives from global organizations like City of Pleasanton, Middlesex County, and Port of San Diego use Bynder to organize company files, edit and approve projects in real time, auto -format and resize files, and make the right content available to others at the click of a button. Industry Trends Today A dramatic shift is underway. Communication channels are increasingly digital and multiplying at a rapid rate. Marketers, creative leaders and communication professionals are under increasing pressure to produce more content, more quickly and distribute it across more outlets than ever before. This shift is being driven by: ■ Explosive content growth: As communication channels and platforms multiply, companies are producing more and more content to keep up. The volume of digital assets is expected to grow by 500% over the next five years. ■ Faster creative cycles: Marketing and creative teams are being asked to create more content and visuals more quickly to satisfy the demands of digital marketing and social media. ■ More touchpoints: Creative assets need to be distributed to more channels and platforms, bogging down marketing and creative teams with administrative tasks, asset requests and asset development. ■ Global scalability: It's easier than ever to promote your brand to global audiences, but the assets you promote often have to be localized, therefore increasing the volume of content that has to be managed. ■ Rapidly expanding technology stack: The average marketing team now uses over 100 software platforms creating bottlenecks and confusion, slowing productivity and driving the need for better - integrated technologies. W bynder www.bynder.com Page 2 DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential Technology Recommendation WORKGROUP PACKAGE Homepage: Allows users to access useful quick -links to frequently used tasks and pages. Refreshed daily with recently added content and featured collections for inspiration. Digital Asset Management: Bynder's DAM is the backbone of the system and allows you to store, manage and distribute content across global teams with governance and facilitates a "single source of truth" for your content. Brand Templates: Designers can provide easy -to -use templates enabling marketers to change the content, but keeping intended design elements locked to ensure they stay on -brand. Repurpose designs for different campaigns or use for localization. LightAnalytics: Access platform activity and usage statistics during specifiable timeframes in an overview dashboard. Services & Support To ensure your success, Bynder offers a comprehensive set of services for planning, implementation, adoption and support: • Onboarding and Implementation: We work closely with you throughout the onboarding process to ensure a successful launch and eventual company -wide adoption. We help you develop a metadata strategy, define processes and system roles and more. Our onboarding plan serves as a template to get you up and running quickly. • Professional Services: Our Professional Services Consultants help you extend the Bynder platform and integrate with the other tools across your enterprise. From assistance with setting up workflows, metadata and keywords, to custom-built innovations, our Professional Services team is eagerto help. • Customer Success: Your assigned Customer Success Representative helps you maximize the value of Bynder and serves as your internal advocate. Customer Success is the voice of the customer and ensures that as we continue to improve Bynder, your voice is heard. • Product Support: Our support team is available around the clock to help you troubleshoot critical roadblocks and keep things running smoothly. With teams located in San Francisco, Boston, London and Amsterdam, we make it easy to get support in local hours. • Bynder Knowledge Base: We are dedicated to sharing best practices, online training, "How To" articles and more. Consult the user community to ask questions, learn tips and tricks and see how real users are making Bynder work for them. W bynder www.bynder.com Page 3 DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential Table of contents I. Execution Top Sheet 5 II. Commercial Terms 6 111. Statement of Work 16 IV. Applicable Terms, Policies & Disclaimers 18 V. Definitions 21 CO bynder www.bynder.com Page 4 BynderAgreement Version 1.0 DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential I. Execution Top Sheet This agreement, consisting of several parts, by and between Bynder LLC ("Bynder"), a company incorporated in the state of Delaware with its principal place of business at 321 Summer Street, Floor 1, Boston MA 02210 U.S.A, and City of Kent ("Customer"), with its principal place of business at 220 Fourth Ave. S. Kent, WA 98032 (the "Agreement"), is effective upon the last day executed ("Effective Date"). Customer and Bynder also jointly to be referred to as "Parties". Notices: The postal address for delivery of legal notices to Customer is: The email address for delivery of legal notices to Customer is: ITAC@kentwa.gov Finance contact email: ITA<okentwa.gov Customer chooses the following Option to host its data (please select one option): #Option 1: EU-ONLY OR #Option 2: US -ONLY OR #Option 3: GLOBAL Onboarding will commence on 05/09/22 ("Project Start Date"). The attached offer is effectivelyvalid for acceptance until 05/06/22 BYNDER DocuSigned by: 5CAA06609341421... Please sign above the line By: Bynder LLC Represented by: Bob Hickey Title: CEO April 28, 2022 1 10:05 PDT W bynder CUSTOMER Please sign lI above the line By: Dana Ralph Represented by: Title: Mayor Date: 05/02/2022 www.bynder.com Attn IT Department City of Kent 220 Fourth Avenue South Kent, WA, 98032 Page 5 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential II. Commercial Terms 1. Term 1.1 This Agreement shall take effect on the Effective Date stated above on the Execution Top Sheet and shall continue for twenty-four (24) months following the Project Start Date ("Initial Term"). At the City's option, the term of the Agreement may be extended by one year at original subscription pricing. This option shall be exercised by an amendment to this Agreement. 2. Payment Terms 2.1 Customer shall make payments in accordance with Bynder's Standard Terms of Service. All One -Off Costs as described in section 3.1 and twelve (12) months of Subscription Fee as described in section 3.2 will be invoiced within three (3) Business Days of the Effective Date of this Agreement. For each subsequent twelve- month period of the Term of the Agreement, twelve (12) months of Subscription Fee will be invoiced at least thirty (30) days prior to the anniversary of the Project Start Date. The Subscription Fee will be calculated from the Project Start Date, as stated on the Execution Top Sheet. This is also the commencement date of the Subscription (defined below). 2.2 If Customer uses a Purchase Order ("PO") system, it must issue a PO no more than seven (7) working days after the Effective Date of this Agreement or any future purchase. Any delay or failure in issuing PO will not relieve Customer of its payment obligations under this Agreement, including the Payment Period. For the avoidance of doubt, the terms and conditions of the Agreement shall take precedence over any pre-printed Customer terms and conditions on a Purchase Order. W bynder www.bynder.com Page 6 BynderAgreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 3. Pricing 3.1 One -Off Costs One -Off Costs shown below are costs for a customer -standard situation as further described in the section "Statement of Work - What is included in your Bynder onboarding" below. In case of a customer -specific situation, Professional Services charges will apply as described in section 4.4. Payment of One -Off Costs shall be contingent on the acceptance by customer, and shall not be due until five (5) days after customer's receipt of an invoice for each item. One-off onboarding includes: One-off Costs: • Onboarding Consultancy over 12 weeks • Remote kick-off session • System configuration • Single Sign -On (SSO) configuration $7,200.00 • Custom URL • Taxonomy setup • Default Permissions and Access Rights setup • Admin Training (up to 2 hou rs) • Advanced Brand Guidelines $600.00 • Digital Brand Templates $600.00 • Mass Uploader Configuration $2,000.00 Total $10,400.00 W bynder www.bynder.com Page 7 BynderAgreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 3.2 Subscription Fee per month On execution of this Agreement, Customer acquires a subscription for the Product, which includes the described below (the "Subscription"), subject to the terms of this Agreement and of the documents referenced in the section "Applicable Terms, Policies & Disclaimers". Monthly Subscription includes: Monthly Subscription Fee Users/Storage 2 Admin / 10 Regular/ 50 Light Users 1 TB storage Homepage Core Functionality Bynder DAM Bynder Light Analytics $1,500.00 External Uploader Bynder Express (file transfer functionality) Add-ons Access to free plugins SSO Custom URL Bynder Mobile App Support Plus Success Package $400.00 Brand Guidelines Advanced Brand Guidelines $750.00 Digital Templates Basic Up to 30 templates, Max 10 campaigns $400.00 Additional Storage 4AdditionaI TB of storage @ $100/per TB $400.00 Subscription Subtotal Total $3,450.00 10%Subscription Discount" -$345.00 Monthly Subscription Total $3,105.00 —Discounts are contingent to a 24-month agreement and agreement executed by 05/06/22 3.3 Total Costs List Price Discounted Price Savings Total costsforYear 1 (Subscription fees+ One-off costs) $51,800.00 $47,660.00 ($4,140.00) Total costsforYear2 (Subscription fees) $41,400.00 $37,260.00 ($4,140.00)) Total costs of initial24 months $93,200.00 $84,920.00 ($8,280.00) W bynder www.bynder.com Page 8 BynderAgreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 4. Additional Purchases & Changes 4.1 Purchasing Additional Storage 4.1.1 The Product includes the applicable allocation of based atastorage listed in section 3.2. Bynderwill provide written notice to Customer on the date that Customer's storage allocation has reached ninety-five percent (95%) of Customer's then -current data storage maximum. Upon receipt of such notice, Customer must without delay: (a) Purchase additional storage at the rate provided in Subsection; (b) provide written instructions to Bynder to delete files, specifying which files should be deleted; or (c) delete its own fi les to free up storage space. Should Customer fail to ensure it has adequate storage space and thereby reach its maximum storage capacity, Customer will be blocked from uploading additional files until additional storage has been purchased or storage has been freed up. Customer will retain access to the Product regardless of any upload blockage. 4.1.2Additional Storage Pricing Storage Amount Monthly Rate Additional TB (2-5) $100.00 Additional TB (6-10) $80.00 Additional TB (11+) $60.00 4.2 Additional User Pricing User Type UoM Monthly Rate Admin User Per User $80.00 Regular User (21-25) Per User $25.00 Regular User (26-50) Per User $20.00 Regular User (51+) Per User $16.00 20 Light Users Per Batch $50.00 50 Light Users Per Batch $100.00 100 Light Users Per Batch $150.00 500 Light Users Per Batch $500.00 1000 Light Users Per Batch $750.00 W bynder www.bynder.com Page 9 BynderAgreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 4.3 Purchasing Additional Modules 4.3.1 Customer may purchase additional modules during the Term. Each time such a purchase is made, the Parties shall, in a separate purchase agreement, state the price of the selected module ("Purchase Subscription Fee"). The terms ofthis separate purchase agreement must be mutually agreeable. Any such purchase agreement shall also specify the date on which the Purchase Subscription Fee comes into effect. 4.3.2 Should any Professional Services be required forthe implementation of additional modules, those Professional Services will be charged atthe rate provided in 4.4. 4.4 Additional On boarding and Professional Services Pricing Services Rate Additional Onboarding Consultation (per business day of up to 8 hours) $2,000.00 Training online (per 2 hours) $600.00 Onsite (per person, per business day of up to 8 hours, travel expenses will be invoiced separately) $2,400.00 API or Plugin Support (per 2 hours) $600.00 Light Theming (up to 2 colors,1 font') $2,400.00 `Fonts: Bynder includes a cost provision for font licensing up to a value of $300. Any additional cost will be invoiced separately to the customer. W bynder www.bynder.com Page 10 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 5. Plus Success Package 5.1 A Success Package is related to the Subscription and creates a support system to help Customers to successfully use the Product. For general customer support in accordance with this Agreement, the Plus Success Package is available. For incident support, please see the SLA. Assistance outside the scope of the Success Packages shall be provided at the applicable Onboarding or Professional Services Rate in section 4.4. Plus Success Package With the services in the Plus Support Package, Bynder will provide the following (up to 3 hours per month): Training End user training- Up to four (4) one (1) hour sessions per year, via webinar Bynder Team Consultation Assistance with Product configurations Updates about relevant new features and functionality via personal demos Updates regarding relevant product roadmap items User adoption check -ins and strategy sessions Consulting on improvements to taxonomy, workflows, guidelines, and other modules (if purchased) Best practice recommendations pre- and post -launch DIY Template Creator support (if purchased) Standard Support Live phone and email support 24/7 First line of support for technical questions is support@bynder.com Access to 24/7 Online Knowledge Base (Link), new feature newsletters and a webinar series demonstrating new features and reviewing system functionality W ayndef www.bynder.com Page 11 BynderAgreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 6. Subscription upgrades and downgrades 6.1 Minimum Upgrade amounts Customer can choose to upgrade its Subscription at any time in accordance with the prices stated in these Commercial Terms, with the following minimum upgrade volumes: • Additional Admin User:2 • Additional Regular Users: 5 • Additional Light User: 10 • Additional Storage (GB): 250 6.2 Downgrades The initial Subscription as reflected in 3.2 forms the baseline for Customer's Subscription ("Minimum Commitment"). Customer may downgrade its Subscription, provided that the following criteria are all satisfied: 6.2.1 Customer may downgrade once a year before the anniversary of the Project Start Date ("Downgrade Interval"); 6.2.2 Customer must provide written notice to Bynder detailing the intended downgrade forty-five (45) days prior to the anniversary of the Project Start Date to allow for accurate invoicing forthe subsequent billing cycle; and 6.2.3 Customer's Subscription does not fall below the Minimum Commitment. 7. Integration The written provisions and terms of this Agreement, together with any Exhibits attached hereto, shall supersede all priorverbal statements of any officeror other representative of the parties, and such statements shall not be effective or be construed as entering into or forming a part of or altering in any manner this Agreement. 8. TERMINATION 8.1 Termination for Convenience. The Customer reserves the right to terminate the Agreement, in whole or in part at any time when in the best interest of the Customer, without penalty or recourse. Upon receipt of ninety (90) days written notice, Bynder shall stop all work, as directed in the notice, notify all subcontractors of the effective date of the termination and minimize all further costs to the Customer. In the event of termination underthis paragraph, all documents, data and reports prepared by Bynder underthe Agreement shall become the property of and be delivered to the Customer upon demand. 8.2 Termination for Default. 8.2.1 The Customer may terminate the Contract in whole or in part due to the failure of Bynder to comply with any term or condition of the Agreement, to acquire and maintain all required insurance policies, or to make satisfactory progress in performing the Agreement. The Customer shall provide thirty days (30) written notice of the termination and the reasons for it to Bynder. W bynder www.bynder.com Page 12 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 8.2.2 Upon termination under this paragraph, all goods, materials, documents, data and reports prepared by Bynder under the Agreement shall become the property of and be delivered to the Customer on demand. 8.2.3 Continuation of Performance Through Termination. Byndershall continue to perform, in accordance with the requirements of the Agreement, up to the date of termination, as directed in the termination notice. 8.3 Refund of Pre -Paid Fees. Upon termination, Customershall be entitled to a refund of the pro-rata amount of any pre -paid fees from the date of termination. 8.4 Return of Customer Data. Within 90 calendar days of termination or expiration of the Agreement, Bynder shall return to Customer its Customer Data in an export format mutually agreed by the parties. Only after Bynder has returned Customer Data to the Customer may Bynder destroy Customer Data. Bynder shall provide a certificate to Customer certifying that Customer Data has been destroyed. 9. INDEMNIFICATION. Byndershall defend, indemnify and hold the Customer, its officers, officials, employees, agents and volunteers harmless from any and all claims, injuries, damages, losses orsuits, including all legal costs and attorney fees, arising out of or in connection with Bynder's performance of this Agreement, except for that portion of the injuries and damages caused by the Customer's negligence or by the content uploaded or generated by the Customer in using the Product, including claims that the content misappropriates the intellectual property rights of a third party. The forgoing indemnification obligation includes Bynder's agreementto indemnify and hold harmless Customer, its affiliates, and its and their officers, directors, employees, agents, and representatives from and against any and all liabilities, expenses, damages and costs, including but not limited to, reasonable attorneys' fees, related to all third party claims, charges and investigations that the Product, as delivered by Bynder, infringes on or misappropriates the intellectual property rights of a third party. IT IS FURTHER SPECIFICALLYAND EXPRESSLY UNDERSTOOD THAT THE INDEMNIFICATION PROVIDED HEREIN CONSTITUTES BYNDER'S WAIVER OF IMMUNITY UNDER INDUSTRIAL INSURANCE, TITLE 51 RCW, SOLELY FOR THE PURPOSES OF THIS INDEMNIFICATION. THE PARTIES FURTHER ACKNOWLEDGE THAT THEY HAVE MUTUALLY NEGOTIATED THIS WAIVER. To the extent not prohibited by law, Customer expressly agrees to indemnify and hold harmless Bynder, its affiliates, and its officers, directors, employees, agents, and representatives (collectively, the "Bynder Entities"), from and against any and all liabilities, expenses, damages and costs, including but not limited to, reasonable attorneys' fees, related to all third party claims, charges and investigations related to Customer data on the Productwhich infringes on the intellectual property rights or data privacy rights of anythird party. W bynder www.bynder.com Page 13 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential In the event Bynder refuses tender of defense in any suitor any claim, if that tender was made pursuant to this indemnification clause, and if that refusal is subsequently determined by a court having jurisdiction (or other agreed tribunal) to have been a wrongful refusal on Bynder's part, then Bynder shall pay all the Customer's costs for defense, including all reasonable expert witness fees and reasonable attorneys' fees, plus the Customer's legal costs and fees incurred because there was a wrongful refusal on Bynder's part. The provisions of this section shall survive the expiration or termination of this Agreement. 10. INSURANCE. Bynder shall procure and maintain for the duration of the Agreement, insurance of the types and in the amounts described in Exhibit _Aattached and incorporated by this reference. 11. EXCHANGE OF INFORMATION. Customer will provide its best efforts to provide reasonable accuracy of any information supplied by it to Bynder for the purpose of completion of the work under this Agreement. 12. CUSTOMER'S RIGHT OF INSPECTION. Even though Bynder is an independent contractor with the authority to control and direct the performance and details of the work authorized under this Agreement, the work must meet the approval of the Customer and shall be subject to the Customer's general right of inspection to secure satisfactory completion. 13. MISCELLANEOUS PROVISIONS. 13.1 Non -Waiver of Breach. The failure of either party to insist upon strict performance of any of the covenants and agreements contained in this Agreement, orto exercise any option conferred bythis Agreement in one or more instances shall not be construed to be a waiver or relinquishment of those covenants, agreements or options, and the same shall be and remain in full force and effect. 13.2 Resolution of Disputes and Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of Washington. If the parties are unable to settle any dispute, difference or claim arising from the pa rties' performa nce of this Agreement, the exclusive means of resolving that dispute, difference or claim, shall only be by filing suit exclusively under the venue, rules and jurisdiction of the King County Superior Court, King County, Washington, unless the parties agree in writing to an alternative dispute resolution process. In any claim or lawsuit for damages arising from the parties' performance of this Agreement, each party shall pay all its legal costs and attorney's fees incurred in defending or bringing such claim or lawsuit, including all appeals, in addition to any other recovery or award provided by law; provided, however, nothing in this paragraph shall be construed to limit the Customer's right to indemnification under Section 9 of this Agreement. 13.3 Written Notice. All communications regarding this Agreement shall be sent to the parties at the addresses listed on the signature page of the Agreement, unless notified to the contrary. Any written notice W byflder www.bynder.com Page 14 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential hereunder shall become effective three (3) business days after the date of mailing by registered or certified mail, and shall be deemed sufficiently given if sent to the addressee at the address stated in this Agreement or such other address as may be hereafter specified in writing. 13.4 Assignment. Any assignment of this Agreement by either party without the written consent of the non - assigning party shall be void. If the non -assigning party gives its consent to any assignment, the terms of this Agreement shall continue in full force and effect and no further assignment shall be made without additional written consent. 13.5 Modification. No waiver, alteration, or modification of any of the provisions of this Agreement shall be binding unless in writing and signed by a duly authorized representative of the City and the Consultant. 13.6 Compliance with Laws. Bynder agrees to comply with all federal, state, and municipal laws, rules, and regulations that are now effective or in the future become applicable to Bynder's business, equipment, and personnel engaged in operations covered by this Agreement or accruing out of the performance of those operations. 13.7 Public Records Act and Confidentiality. Bynder acknowledges that the Customer is a public agency subjecttothe Public Records Act codified in Chapter42.56ofthe Revised Codeof Washington and documents, notes, emails, and other records prepared or gathered by Bynder i n its performance of this Agreement may be subject to public review and disclosure, even if those records are not produced to or possessed by the Customer. As such, Bynder agrees to cooperate fully with the Customer in satisfying the Customer's duties and obligations underthe Public Records Act. If Bynder has marked and clearly identified a record as containing "Confidential Information" as that term is defined in Exhibit B, the Customerwill: (a) use its best efforts to give Bynder notice of a public records request orsubpoena thatseeks such Confidential Information, and (b) provide Byndera reasonable time period under the circumstances to obtain an injunction to enjoin the Customer from disclosing the requested Confidential Information to the party who has requested it. Regardless of any other provision in this Agreement to the contrary, the Customer will not assert on Bynder's behalf any exemption on the basis of the record's confidential or proprietary nature. Bynder agrees to hold the Customer harmless from any damages, claims, or attorneys' fees that may be incurred by or assessed against the Customer and related to Bynder's pursuit of an injunction to enjoin the Customer's disclosure of the requested record or information. 13.8 City of Kent Business License Required. Prior to commencing the tasks described in this Agreement, Bynder agrees to provide proof of a current City of Kent business license pursuant to Chapter 5.01 of the Kent City Code. The City shall notify Bynder if its license needs renewal. W bynder www.bynder.com Page 15 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential III. Statement of Work On boarding for the Workgroup Package is based on a pre-setscope described below. Bynderwill assign one Onboarding resource to carry out the project implementation for a period of up to 12 consecutive weeks following the remote kick-off session. 14. What is included in your Bynder Onboarding 14.1 Onboarding consultancy A Bynder onboarding expert, Onboarding Manager, will assist Customer during onboarding activities. The Onboarding Manager will be available starting at the Project Start Date through the end of the 12th consecutive week, or the project sign off, whichever comes first. The Onboarding ManagerwiII lead Bynder configuration efforts and weekly meetings. If Customer needs additional consultation or configuration hours beyond the initial scope, rates are outlined in section 4.4 14.2 Kick-off workshop Bynder's onboarding starts with a remote 1-2 hour kick-off workshop organized by the Onboarding Manager. During this kick-off workshop, Bynder and the Customerwill align on the project timelines, deliverables, and expectations. 14.3 System configuration The Onboarding Manager will create the portal, configuring the Product based on the Subscription, including Bynder Express and Bynder Wizard. The Login Page, Homepage, and asset derivatives will be configured during the onboarding based on Customer input. 14.4 Taxonomy setup The Onboarding Manager will help the Customer define a taxonomy based on Bynder best practices according to Customer's use case. The Onboarding Consultant will configure the initial taxonomy in the portal. 14.5 Default Permissions &Access Rights setup The Onboarding Manager will configure Light, Regular and Admin User profiles based on Bynder best practices according to Customer's use case. 14.6 API access and plugins Customer will have access to the Bynder API and any plugins Bynder offers for free on the Bynder Marketplace. Bynder will provide Customer with access to Bynder API documentation and Bynder SDKs. API and plugin support can be purchased separately as a Professional Service as outlined in section 4.4. W bynder www.bynder.com Page 16 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential 14.7 Single Sign -On (SSO) configuration The Product can be connected to the Customer's Active Directory. Byndersupportsstandards and services for SSO integration using Security Assertion Markup Language (SAML 2.0). 14.8 Digital Brand Templates The Customer Onboarding Manager(s) will set up the module in the portal and make relevant admin training content available forthe Customer. Customerwill then be able to configure templates based on Sketch or Photoshop files. Customer will be able to set rules on what elements are locked and what can be changed. Customer can produce new productions of templates, using self-service engine to edit text and apply images. 14.9Advanced Brand Guidelines The Customer Onboarding Manager(s) will set up the module in the portal and make relevant admin training content available for the Customer. Customer will then be able to document brand and design elements, such as tone of voice, colors, and typography and set rules on creating visual content. Customer will have full access to structure multiple guides, chapters, and pages with widgets to intuitively organize content. 14.10 Custom URL The Product may have a customized URL to make it easier for Users to access the environment. Bynder requires the use of SSL to ensure data security. The Onboarding Manager may help Customer set up a valid custom URL. 14.11 Admin training The Onboarding Manager will provide one remote training session for Admin Users (up to 2 hours). This trainingwill cover DAM and Portal maintenance for Customerto maintain the Product on an ongoing basis. The Onboarding Managerwill request a formal sign off once all contracted deliverables in sections 8.1— 8.11 are complete. Once the Customer acknowledges sign off or after 12 weeks from the Project Start Date, the Statement of Work is considered complete. Additional services are available as outlined in section 4.4. 15. Assumptions and Caveats 15.1 In orderto successfully complete onboarding within the allotted timeframe, Bynder requires Customer commitment. This commitment consists of availability forscheduled meetings, timely responses and feedback, and attendance of the kick-off session and scheduled calls. 15.2 In orderto achieve longterm success, quality inputfrom the Customer is needed during onboarding. 15.3 Customershall have a team available for Onboarding duringthe timeframe. The Customerteam should at least consist of a Project Ownerwho is responsible for gathering input and (authorized) decision making, as well as an executive sponsor and escalation point. 15.5 Customer will perform (user) tests and provide timely feedback to Bynder during the Onboarding activities described above. W bynder www.bynder.com Page 17 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential IV. Applicable Terms, Policies & Disclaimers The following Terms, Policies & Disclaimers are attached and incorporated into this Agreement in full. The written provisions and terms of the Agreement and all its referenced Exhibits shall supersede all prior verbal statements of any officer of other representative of Bynder, or any Terms, Policies & Disclaimers or other provisions Bynder has posted on its website, and such statements or web postings shall not be effective or be construed as entering into, or forming a part of, or altering, in any manner, this Agreement. In the event of conflict among terms, this Agreement shall have precedence over the Exhibits, and each Exhibit will have precedence over the Exhibits which follow (e.g. Exhibit shall have precedence over Exhibit B, which shall in turn have precedence over Exhibit C, etc.). Should any language in any of the Exhibits to this Agreement conflict with any language contained in this Agreement, the terms of this Agreement shall prevail Any changes to the Agreement or any Exhibits thereto are effective only upon mutual acceptance and signing of a proper Amendment to this Agreement. Insurance City of Kent's insurance requirements forvendors are described in Exhibit A, are attached and incorporated by this reference. Standard Terms of Service Bynder's Standard Terms of Service set out the additional points of your agreement with Bynder, and they are attached and incorporated as Exhibit B. Acceptable Use Policy Bynder's Acceptable Use Policy ("AUP") sets out the user rules for any Product offered by Bynder, and they are attached and incorporated as Exhibit C. Service Level Agreement Bynder's Service Level Agreement ("SLA") sets out our Uptime guarantee and support efforts for the Product, and they are attached and incorporated as Exhibit D. W byndelr www.bynder.com Page 18 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential Integrations Terms of Use Bynder's Integrations Terms of Use sets out the rules for use and support of integrations, and they are attached and incorporated as Exhibit E. API Terms of Use Bynder's API Terms of Use sets out the rules for access and use of Bynder's API, and they are attached and incorporated as Exhibit F. Global Privacy Policy Bynder's Global Privacy Policy sets out terms for privacy policy and is attached and incorporated as Exhibit G. Data Processing Addendum The Data Processing Addendum ("DPA") reflects the Parties' agreement with respect to the Processing of Personal Data under this Agreement and Bynder's Standard Terms of Service, and is attached and incorporated as Exhibit H. Third Party Tooling Disclaimers DISCLAIMER: Bynder Wizard (optional service) The Bynder Wizard is a virtual training tool that provides step-by-step guides within your Bynder environment. This tool is opt -out, offered free of charge, and maybe discontinued by Bynder in its sole discretion. The Bynder Wizard is a product developed and offered by a third party, WalkMe Ltd ("WalkMe") and as such, is not covered by the SLA. Still, Bynder will aim to provide Customer Support to the same standard as set out in the Agreement. By using the Bynder Wizard, Customer grants permission for Bynder to share anon,, m� information as required by WalkMe to configure the tool. WalkMe may transfer, store, and access anonymized information from Customer's portal and may conduct User surveys, both of which will be shared with Bynder. WalkMe processes data in the United States and other locations that may be differentto Customer's selected data hosting location. For more information, please see Walk Me's Information Security policy (www.walkme.com/walkme-security/) and Privacy Policy (www.walkme.com/privacy-policyZ) under "Service Scope" and "Changes to this Privacy Policy"). Bynder is not responsible for information provided by WalkMe. DISCLAIMER: BynderAnalytics BynderAnalytics is a non -binding service and is offered by Bynder at its discretion and as such Bynder has no obligation to provide technical or customersupport and may discontinue it at itssole discretion. BynderAnalytics basic is a product developed and offered by a third party, Sisense Ltd ("Sisense"). Bynder Analytics is intended for end -user analysis of platform metrics, such as assets, number of user license and other available product metrics. As it is a third -party application within Bynder, it may not meet the performance standards of a commercially available product at any time, W bynder www.bynder.com Page 19 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential and assuch is not covered by our Service Level Agreement. Bynder Analytics may not always operate correctly and may be substantially modified before its commercial release or the commercial release of new modules and features. The entire risk arising out of use or performance of Bynder Analytics and any use of related documentation remains entirely with the Customer. By using Bynder Analytics, Customer grants permission for Bynder to share pseudon, m� information as required by Sisense to configure thetooL Sisense maytransfer, store, and access pseudonymized information from Customer's portal and may conduct User surveys, both of which will be shared with Bynder. Sisense may process data in the United States and other locations that may be differentto Customer's selected data hosting location. For more information, please see Sisense's privacy policy (www.sisense.com/privaa-policyjj. Bynder is not responsible for information provided by Sisense. Other Disclaimers DISCLAIMER: Use of the Product in Restricted Regions Bynder and its suppliers shall have no liability whatsoever to Customer for any damages forthe non-functioning of the Product (whether as a whole or in part) due to unavailability of the internet or due to changes in legislation ortechnical restrictions that are beyond Bynder's control in certain countries. In the event of a change in laws or regulations in any of the countries in which Customer has Users, including changes to laws and regulations on cloud computing services, data protection and privacy, or Software as a Service, which impacts Bynder's ability to offerthe Product, Customer accepts that Bynder may limit the availability of the Product in a manner to be determined in Bynder's sole discretion, and Customer releases Bynderfrom any liability relating to such limitation. Bynder makes no warranties or guarantees whatsoever in relation to the availability of the Product in China. Any service level agreement applicable to Customer's use of a Bynder product shall not apply for Users within China. W byndelr www.bynder.com Page 20 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential V. Definitions Brand Guidelines -the module that enables Customer to standardize and easily access all the information that pertains to the brand's corporate identity guidelines. For example, Users can access the parameters of how and when images or logos can be presented, or the preferred fonts. Brand Templates -the module for the standardized production of Assets. With Brand Templates, Users can utilize the Brand Templates self-service processing engine to create both print and online media via web browser and save in a desired output format. Brand Templates processed by Bynder- a service in which Bynderwill process Brand Templates for the Customer. Content Delivery Network (CDN) - the module for global distribution via a network of proxy servers deployed in multiple data centers. The goal of CDN is to provide end users with high performance of the Product and high availability content. Standard CDN offering is provided through AWS Cloud Front. Creative Workflow - the module for creative collaboration and workflow management. Custom U RL - the web address chosen by Customer to be used for its environment. Customer Success Manager - a Bynder employee who is Customer's contact person after the Onboarding phase. Digital Asset Management (DAM) - the central repositorywhere Customer can store, manage, and share its Customer Data with the optional use of shareable collections. Extended Theming - the unique appearance and theming of the Product based on Customer's requirements. Homepage - the customizable landing page of the customer's Product. Knowledge Base - Bynder help portal located on the Bynder website (support.bynder.com) that publishes information on how to perform tasks in the Product and provides answers to frequently asked questions. Light Theming - the unique appearance and theming of the Product based on the customer's requirements, limited to 2 colors and 1 font. Media Import- the upload of Customer's digital media files and import of associated metadata to Customer's environment. Meta properties -information that is applied to digital assets to define them and to facilitate asset searches. Project Plan -the document that outlines the objectives, Deliverables, and time frames of the Project. A customized Project Plan will be delivered during Onboarding. Project Start Date - the date on which implementation of the Product commences. This is also the date from which the Subscription Fee is calculated. Single Sign On (°°SSO") -the use of Customer's existing company authentication system to access the Product. Success Packages -the tiered subscription plans for customersupport set out in the Standard Agreement, selected by Customer, and included in the calculation of the Subscription Fee. Taxonomy -the structured categorization of the Customer Data within the Product. Template Configuration - the technical setup to customize a piece of content for use as a template in the Brand Templates module (for example, a template for a brochure or a business card). Train the Trainer -training for Users, who will then be able to train other Users within Customer's organization. User Rights & Permissions - the scope of access rights and restrictions associated with a specific User, defining what the User can and cannot do in the Product. User Training— Product and best practice education provided by Bynderteam to Users. 4 aynder www.bynder.com Page21 Bynder Agreement Version 1.1_Kent DocuSign Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF Agreement Confidential User Definitions (dependent on Modules purchased): Light Users are your consumers. In Bynder, Light Users are leveraging the following rights: ❑ In the Asset Bank, Light Users have the right to search, read, download and share media. Light Users can create and share personal Collections, and upload media for approval. ❑ On the Homepage, Light Users can view News Content, Quicklinks, and Featured Collections. ❑ In the Guidelines module, Light Users have the right to view and share pages. ❑ In the Brand Templates module, Light Users can create and download an asset based on a template. Regular Users are your contributors. In addition to all of the rights of a Light User, Regular Users have additional access, including the following: ❑ In the Asset Bank, Regular Users can upload directly to the Portal, edit metadata on assets, access previous versions of assets, delete assets, and Audit media in the Waiting Room. ❑ On the Homepage, Regular Users can manage News Content and feature Collections. ❑ In the Guidelines module, Regular Users have the rightto edit and create pages and chapters. ❑ In the Brand Templates module, Regular Users can create and manage templates, and also utilize templates to create an asset. ❑ In the Workflow module, Regular users can initiatejobs, and review and approve assets. Admin Users are your Portal Administrators. In addition to all of the rights of a Regular and Light User, Admin (Heavy) Users have additional access, including the following: ❑ In the Portal Settings, Heavy users have the right to manage users and permissions, manage API tokens, view Change History, and manage the Look & Feel. ❑ In BynderAnalytics, Heavy users have access to view and download data. ❑ In the Asset Bank, Heavy Users have the right to manage the taxonomy. Heavy users can view other users' personal collections. ❑ In the Workflow module, Heavy users can have workflow admin rights, create and manage workflow presets, and manage workflow metaproperties. ❑ In the Brand Templates module, Heavy Users can manage template availability in the Template Job Preset. W byndelr www.bynder.com Page 22 BynderAgreement Version 1.1_Kent n Envelope ID: 7A7994AD-49D9-410E-9D01-2567360ADABF �1T1aIII: 5 EXHIBIT A INSURANCE EXHIBIT A INSURANCE REQUIREMENTS FOR VENDOR SERVICES AGREEMENTS Insurance The Vendor shall procure and maintain for the duration of the Agreement, insurance against claims for injuries to persons or damage to property which may arise from or in connection with the performance of the work hereunder by the Vendor, their agents, representatives, employees or subcontractors. A. Minimum Scope of Insurance Vendor shall obtain insurance of the types described below: 1. Automobile Liability insurance covering all owned, non - owned, hired and leased vehicles. Coverage shall be written on Insurance Services Office (ISO) form CA 00 01 or a substitute form providing equivalent liability coverage. If necessary, the policy shall be endorsed to provide contractual liability coverage. 2. Commercial General Liability insurance shall be written on ISO occurrence form CG 00 01 and shall cover liability arising from premises, operations, independent contractors, products -completed operations, personal injury and advertising injury, and liability assumed under an insured contract. The Gemmer-emal GeRer-al Liability !RSUFanee shall be !SO fee-F•, GG 25 03 11 85. The City shall be named as an insured under the Vendor's Commercial General Liability insurance policy with respect to the work performed for the City using ISO additional insured endorsement CG 20 10 11 85 or a substitute endorsement providing equivalent coverage. 3. Professional Liability insurance appropriate to the Vendor's profession. 4. Cyber Liability insurance. 5. Workers' Compensation coverage as required by the Industrial Insurance laws of the State of Washington. B. Minimum Amounts of Insurance Vendor shall maintain the following insurance limits: EXHIBIT A (Continued) 1. Automobile Liability insurance with a minimum combined single limit for bodily injury and property damage of $1,000,000 per accident. 2. Commercial General Liability insurance shall be written with limits no less than $2,000,000 each occurrence, $3,000,000 general aggregate. Coverage may be in the form of an underlying GL policy combined with an Umbrella/Excess policy in order to meet the limits required. 3. Professional Liability insurance shall be written with limits no less than $1,000,000 per claim and $2,000,000 policy aggregate limit. 4. Cyber Liability insurance shall be written with limits no less than $1,000,000 per occurrence C. Other Insurance Provisions The insurance policies are to contain, or be endorsed to contain, the following provisions for Automobile Liability and Commercial General Liability insurance: 1. The Vendor's insurance coverage shall be primary insurance as respect the City. Any Insurance, self-insurance, or insurance pool coverage maintained by the City shall be excess of the Vendor's insurance and shall not contribute with it. 2. The Vendor's insurance shall be endorsed to state that coverage shall not be cancelled by either party, except after thirty (30) days prior written notice by certified mail, return receipt requested, has been given to the City. 3. The City of Kent shall be named as an additional insured on all policies (except Professional Liability) as respects work performed by or on behalf of the Vendor and a copy of the endorsement naming the City as additional insured shall be attached to the Certificate of Insurance. The City reserves the right to receive a certified copy of all required insurance policies. The Vendor's Commercial General Liability insurance shall also contain a clause stating that coverage shall apply separately to each insured against whom claim is made or suit is brought, except with respects to the limits of the insurer's liability. D. Acceptability of Insurers Insurance is to be placed with insurers with a current A.M. Best rating of not less than A:VII. EXHIBIT A (Continued) E. Verification of Coverage Vendor shall furnish the City with original certificates and a copy of the amendatory endorsements, including but not necessarily limited to the additional insured endorsement, evidencing the insurance requirements of the Vendor before commencement of the work. F. Subcontractors Vendor shall include all subcontractors as insureds under its policies or shall furnish separate certificates and endorsements for each subcontractor. All coverages for subcontractors shall be subject to all of the same insurance requirements as stated herein for the Vendor. BYNDLLC-01 MELDRNA ACORO CERTIFICATE OF LIABILITY INSURANCE TE (MMIDD/YYYY) PA1/27reo22 THIS CERTIFICATE IS ISSUED AS A MATTER OF INFORMATION ONLY AND CONFERS NO RIGHTS UPON THE CERTIFICATE HOLDER. THIS CERTIFICATE DOES NOT AFFIRMATIVELY OR NEGATIVELY AMEND, EXTEND OR ALTER THE COVERAGE AFFORDED BY THE POLICIES BELOW. THIS CERTIFICATE OF INSURANCE DOES NOT CONSTITUTE A CONTRACT BETWEEN THE ISSUING INSURER(S), AUTHORIZED REPRESENTATIVE OR PRODUCER, AND THE CERTIFICATE HOLDER. IMPORTANT: If the certificate holder is an ADDITIONAL INSURED, the policy(ies) must have ADDITIONAL INSURED provisions or be endorsed. If SUBROGATION IS WAIVED, subject to the terms and conditions of the policy, certain policies may require an endorsement. A statement on this certificate does not confer rights to the certificate holder in lieu of such endorsement(s). PRODUCER CONTACT NAME: PHONE FAX (A/C, No, EXt): (734) 741-0044 (A/C, No):(734) 741-1850 Hylant - Southeast Michigan 24 Frank Lloyd Wright Dr, Ste J4100 Ann Arbor, MI 48105 ADDRIE : AnnArbor-office@hylant.com INSURERS AFFORDING COVERAGE NAIC # INSURER A: National Union Fire Ins Co of Pittsburgh PA 19445 INSURED INSURER B : INSURER C : Bynder LLC ATTN.: Erna Spaans Schaeffer 321 Summer Street, Floor 1 INSURER D : INSURER E : Boston, MA 02210-1264 INSURER F : COVERAGES CERTIFICATE NUMBER: REVISION NUMBER: THIS IS TO CERTIFY THAT THE POLICIES OF INSURANCE LISTED BELOW HAVE BEEN ISSUED TO THE INSURED NAMED ABOVE FOR THE POLICY PERIOD INDICATED. NOTWITHSTANDING ANY REQUIREMENT, TERM OR CONDITION OF ANY CONTRACT OR OTHER DOCUMENT WITH RESPECT TO WHICH THIS CERTIFICATE MAY BE ISSUED OR MAY PERTAIN, THE INSURANCE AFFORDED BY THE POLICIES DESCRIBED HEREIN IS SUBJECT TO ALL THE TERMS, EXCLUSIONS AND CONDITIONS OF SUCH POLICIES. LIMITS SHOWN MAY HAVE BEEN REDUCED BY PAID CLAIMS. INSR LTR TYPE OF INSURANCE ADDL INSD SUBR WVD POLICY NUMBER POLICY EFF MM DD YYW POLICY EXP MM DD YY LIMITS A X COMMERCIAL GENERAL LIABILITY EACH OCCURRENCE $ 1,000,000 CLAIMS -MADE a OCCUR GL5199775 1/1/2022 1/1/2023 DAMAGE TO RENTED PREMI E E rr n 100,000 $ MED EXP (Any oneperson) $ 10,000 PERSONAL & ADV INJURY $ 1,000,000 GEN'L AGGREGATE LIMIT APPLIES PER: GENERAL AGGREGATE $ 2,000,000 POLICY PE� LOC PRODUCTS - COMP/OP AGG $ 0 $ OTHER: A AUTOMOBILE LIABILITY S OMBIid n INGLE LIMIT (CEO, $ BODILY INJURY Perperson) $ ANY AUTO CA6580179 1/1/2022 1/1/2023 OWNED SCHEDULED AUTOS ONLY AUTOS BODILY INJURY Per accident 1,000,000 $ X PROPERTY DAMAGE Per accident $ HIRED X NON -OWNED AUTOS ONLY AUTOS ONLY UMBRELLA LIAB OCCUR EACH OCCURRENCE $ HCLAIMS-MADE AGGREGATE $ EXCESS LIAB DED I I RETENTION $ $ WORKERS COMPENSATION AND EMPLOYERS' LIABILITY Y / N PER OTH- TAT TE ER ANY PROPRIETOR/PARTNER/EXECUTIVE E.L. EACH ACCIDENT $ OFFICER/MEMBER EXCLUDED? ❑ (Mandatoryin NH) N I A E.L. DISEASE - EA EMPLOYEE $ If yes, describe under DESCRIPTION OF OPERATIONS below E.L. DISEASE - POLICY LIMIT $ A Professional/Cyber 19520850 1/1/2022 1/1/2023 Per Claim 1,000,000 DESCRIPTION OF OPERATIONS I LOCATIONS I VEHICLES (ACORD 101, Additional Remarks Schedule, may be attached if more space is required) See attached AIG Insurance certificate for total coverage. Total coverage is follow form. Total Limits: Policy #70.21.3531 General Liability - EUR 2.5M any one claim/5M aggregate Policy #30.19.18040 Professional Liability - EUR 10M any one claim/10M aggregate Policy #30.19.18040 Cyber Liability - EUR 5M any one claim/5M aggregate City of Kent is an additional insured as required by written contract SEE ATTACHED ACORD 101 CERTIFICATE HOLDER CANCELLATION SHOULD ANY OF THE ABOVE DESCRIBED POLICIES BE CANCELLED BEFORE City of Kent y THE EXPIRATION DATE THEREOF, NOTICE WILL BE DELIVERED IN ACCORDANCE WITH THE POLICY PROVISIONS. 220 Forth Ave. S. Kent, WA 98032 AUTHORIZED REPRESENTATIVE j� t�G . �Si k„-DIC3CY1-1 ACORD 25 (2016/03) @ 1988-2015 ACORD CORPORATION. All rights reserved. The ACORD name and logo are registered marks of ACORD AGENCY CUSTOMER ID: BYNDLLC-01 MELDRNA LOC #: AFRO AGENCY Hylant - Southeast Michigan POLICY NUMBER SEE PAGE 1 CARRIER SEE PAGE 1 iDDITIONAL REMARKS ADDITIONAL REMARKS SCHEDULE Page 1 of 1 NAMED INSURED BynderLLC ATTIC: Erna Spaans Schaeffer 321 Summer Street, Floor 1 Boston, MA 02210-1264 NAIC CODE iEE P 1 EFFECTIVE DATE: THIS ADDITIONAL REMARKS FORM IS A SCHEDULE TO ACORD FORM, FORM NUMBER: ACORD 25 FORM TITLE: Certificate of Liability Insurance Description of Operations/Locations/Vehicles: General Liability is primary 30 days notice of cancellation except non-paymen of premium which is 10 days ACORD 101 (2008101) © 2008 ACORD CORPORATION. All rights reserved. The ACORD name and logo are registered marks of ACORD AIG Certificate Insurance Herewith we, the AIG Europe S.A., Netherlands Branch, declare we have insured the following insurance. Policynumber 70.21.3531 Policy Holder BYNDER HOLDING B.V. MAX EUWEPLEIN 46 1017 MB AMSTERDAM NETHERLANDS Additional Insured Bynder Software S.L. Bynder Ltd. Luma Marketing Technologies B.V. Bynder LLC Bynder Software FZ LLC Product Comprehensive general liability insurance including employer's liability, products liability and completed operations and sudden and accidental pollution. Policy Period From: 1 January 2022 To: 1 January 2023 Both days at 0.00 hours, with tacit renewal for a period of 12 months unless cancelled in accordance with the policy wording Limit of Liability EUR 2,500,000.00 per claim and EUR 5,000,000.00 in the aggregate Territory : Worldwide Policy Wording According to the policy wording Algemene Voorwaarden AVB 2020, including all applicable special conditions and endorsements Insurance broker : KROEZEN VERZEKERINGEN This certificate does not amend, extend or alter the coverage afforded by the policy, and in case of a dispute the policy and policy wording will prevail. AIG Europe S.A. is an insurance undertaking incorporated under the laws of Luxembourg with R.C.S. Luxembourg number B218806. AIG Europe S.A. has its head office at 35D Avenue J.F. Kennedy, L-1855 Luxembourg. www.aig.lu. AIG Europe S.A. is a non -life insurer authorised by the Luxembourg Minister of Finance and supervised by the Commissariat aux Assurances. The Dutch branch of AIG Europe S.A., also acting under its tradename AIG Europe, Netherlands, has its registered branch office at Crystal Building B, Rivium Boulevard 216-218, (2909 LK) Capella aan den IJssel. Chamber of Commerce number: 71305491 Correspondence: AIG Europe, Netherlands, Postbus 8606, 3009 AP Rotterdam Tel: +31 (0)10 453 5455 VAT number: NL858662590B01 Bank account: NL09 ABNA 0254 0195 36 BIC: ABNANL2A You can find our Privacy policy on www.aig.com/nl-privacybeleid. AIG Capelle aan den IJssel, January 6, 2022 AIG Europe S.A., Netherlands Branch J.M.J. Zohlandt General Manager RIVIUM BOULEVARD 216 - 218 2909 LK CAPELLE AAN DEN IJSSEL AIG Europe S.A. is an insurance undertaking incorporated under the laws of Luxembourg with R.C.S. Luxembourg number B218806. AIG Europe S.A. has its head office at 35D Avenue J.F. Kennedy, L-1855 Luxembourg. www.aig.lu. AIG Europe S.A. is a non -life insurer authorised by the Luxembourg Minister of Finance and supervised by the Commissariat aux Assurances. The Dutch branch of AIG Europe S.A., also acting under its tradename AIG Europe, Netherlands, has its registered branch office at Crystal Building B, Rivium Boulevard 216-218, (2909 LK) Capella aan den IJssel. Chamber of Commerce number: 71305491 Correspondence: AIG Europe, Netherlands, Postbus 8606, 3009 AP Rotterdam Tel: +31 (0)10 453 5455 VAT number: NL858662590B01 Bank account: NL09 ABNA 0254 0195 36 BIC: ABNANL2A You can find our Privacy policy on www.aig.com/nl-privacybeleid. JAIGI Insurance certificate We herewith confirm that we, the Underwriter of AIG Europe S.A., Netherlands Branch, have accepted the following Cyber Edge & Professional Liability Insurance with policy number 30.19.18040 for Bynder Holding B.V. INSURED: Bynder Holding B.V. Bynder B.V. Bynder LLC (USA) Bynder Ltd (UK) Bynder Software S.L. (Spain) Luma Marketing Technologies BV (The Netherlands) Bynder Software FZ-LLC (Dubai) ADDITIONAL INSURED: In accordance with clause ADA Additionele verzekerde (Loss Payee) on the policy: - Wells Fargo National Association - London Branch INSURANCE PERIOD: From January 1, 2022 till January 1, 2023, both days at 0.00 hrs SUM INSURED: Professional Liability Coverages EUR 10,000,000.00 any one claim and EUR 10,000,000 in the aggregate CyberEdge Coverages EUR 5,000,000.00 any one claim and EUR 5,000,000.00 in the aggregate DEDUCTIBLE: EUR 100,000.00 any one claim INTERMEDIARY: Kroezen Verzekeringen JURISDICTION: Worldwide, including USA and/or Canada. This certificate is subject to the terms, conditions and limitations of the policy, with policy number 30.19.18040 issued in the Dutch language and in the event of claims or disputes the original policy wording will be binding. IAIG Capelle aan den IJssel, January 7, 2022 AIG Europe S.A., Netherlands Branch RIVIUM BOULEVARD 216 - 218 2909 LK CAPELLE AAN DEN IJSSEL POLICY NUMBER: GL 519-97-75 COMMERCIAL GENERAL LIABILITY CG 20 26 04 13 THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. ADDITIONAL INSURED - DESIGNATED PERSON OR ORGANIZATION This endorsement modifies insurance provided under the following: COMMERCIAL GENERAL LIABILITY COVERAGE PART SCHEDULE Name Of Additional Insured Person(s) Or Organization(s): CITY OF KENT 220 FORTH AVE. S KENT, WA 98032 Information required to complete this Schedule, if not shown above, will be shown in the Declarations. A. Section II - Who Is An Insured is amended to include as an additional insured the person(s) or organization(s) shown in the Schedule, but only with respect to liability for "bodily injury", "property damage" or "personal and advertising injury" caused, in whole or in part, by your acts or omissions or the acts or omissions of those acting on your behalf: 1. In the performance of your ongoing operations; or 2. In connection with your premises owned by or rented to you. However: 1. The insurance afforded to such additional insured only applies to the extent permitted by law; and 2. If coverage provided to the additional insured is required by a contract or agreement, the insurance afforded to such additional insured will not be broader than that which you are required by the contract or agreement to provide for such additional insured. B. With respect to the insurance afforded to these additional insureds, the following is added to Section III - Limits Of Insurance: If coverage provided to the additional insured is required by a contract or agreement, the most we will pay on behalf of the additional insured is the amount of insurance: 1. Required by the contract or agreement; or 2. Available under the applicable Limits of Insurance shown in the Declarations; whichever is less. This endorsement shall not increase the applicable Limits of Insurance shown in the Declarations. CG 20 26 04 13 0 Insurance Services Office, Inc., 2012 Page 1 of 1 ❑ EXHIBIT B STANDARD TERMS OF SERVICE C9 bynder Standard Terms of Service Bynder LLC These standard terms of service ("Terms") apply to any Order Form between Bynder LLC ("Bynder') and the entity that has executed the Order Form ("Customer'). Bynder's Global Privacy Policy (Exhibit G), Cookie Policy, and Service Level Agreement (Exhibit D), , are hereby incorporated by reference into each Order Form. 1. Order Form 1.1 Pursuant to the terms ofthe Agreement, and from time to time during the term of the Agreement, Bynder may provide Customer with services or access to a product or application as specified in an order form (each, an "Order Form"). Each Order Form is incorporated into the Agreement by reference and will include a description of the services or a description of the product or application to be provided by Bynder and the fees payable to Bynder for the services, product, application, or related deliverables provided (the "Product'). To the extent that any conflict arises between the Agreement and an Order Form, the Order Form shall control. The parties acknowledge and agree that until an Order Form is executed by the parties, Bynder is not required to provide any services or access to any product or application hereunder by virtue of the Agreement alone. 1.2 Each Order Form includes a statement of work ("SOW") which describes the work requirements for the implementation of the Product and defines project -specific activities and deliverables. 2. Product Access Terms 2.1 Customer's subscription to the Product grants Customer access to and use of the number of portals, Users, modules, quantity of storage, and traffic volume specified in the applicable Order Form. 2.2 These Terms govern the access to and use of the Product by Customer and any individual who accesses and/or uses the Product through Customer's account ("User'). 2.3 Each User is assigned unique login credentials that grant the User access to the Product as provided in any applicable Order Form. Customer and Users are expressly forbidden from allowing another individual to access the Product using the same login credentials. Each User account must correspond solely to one individual person. 2.4 Access to and use ofthe Product is granted to Customer subject to its Users abiding bythe terms ofthe Agreement, expressly including the Usage Policies. 2.5 Customer may provide User accounts to any individual, including, without limitation, to Customer employees, freelancers, employees of Customer affiliates and Customer's own clients. Customer is responsible for Customer's and its Users' access to and use of the Product, and Customer Data, as defined in Section 4.1. 2.6 Users may access the Product only if Customer has paid in full any applicable Subscription Fee. 2.7 The Product is designed and intended to hold Customer's promotional branding and marketing materials and its components. 2.8 Customer may access the Product and use any content in the Product for Customer's business purposes in accordance with these Terms. 2.9 In case of violation of the Product Access Terms in this Section 2 by Customer, Bynder may, at its sole discretion, after a fair and reasonable remedy period depending on the severity ofthe violation, either suspend or terminate access to the Product. 2.10 The terms of the Agreement apply to all offers and contracts pursuant to which Bynder provides to Customer the Product. Customer agrees that purchases made by Customer through a User are valid purchase orders accepted by Bynder. Bynder will invoice Customer for the purchase beginning from the date that the purchase is made available to Customer. 3. Ownership of Intellectual Property Rights 3.1 Customer retains all of its rights to any Customer Data that Customer uploads, submits, posts or displays on or through the Product and Customer is responsible for protecting those rights. Customer grants to Bynder the right to access, use, or modify such Customer Data only as necessary to provide the Product and carry out its obligations under the Agreement. 3.2 Bynder retains all right, title, and interest in and to the Product and any documentation available in the Product. The source code is at all times owned by Bynder. Bynder grants to Customer all rights required for Customer to use the Product in accordance with the Agreement. 3.3 Except as expressly stated in the Agreement, no rights are granted by either Party to the other with respect to its intellectual property rights, and nothing in the Agreement shall be construed to grant to either Party any right, title, or other interest. There are no implied rights granted under the Agreement. 4. Customer Data 4.1 "Customer Data" means electronic data, text, documents, pictures, videos, or other materials uploaded to, generated and/or stored within the Product by Customer and Users. 4.2 All Customer Data is the sole responsibility of Customer. Any use of or reliance on any Customer Data or materials posted via the Product or obtained by Customer through the Product is at Customer's own risk. Bynder takes no responsibility and assumes no liability for Customer Data that Customer or any third party uploads, submits, posts or displays in or through the Product. 4.3 By using Customer Data in orthrough the Product, Customer warrants that: (a) Customer owns the Customer Data and/or has the right to use it and the right to grant Bynder the rights as provided in these Terms; (b) the Customer Data and Customer's use ofthe Customer Data in or through the Product does not violate the privacy rights, publicity rights, copyrights, trade secret rights, contract rights or any other rights of any individual or entity; (c) the Customer Data and Customer's use of the Customer Data does not violate any applicable laws and does not advocate or could not reasonably be expected to induce illegal activity; (d) Customer Data and Customer's use of Customer Data is not threatening, abusive, harassing, stalking, defamatory, deceptive, false, misleading or fraudulent. Bynder reserves the right to immediately suspend Customer's account and take appropriate measures if Bynder receives a notice alleging that Customer Data infringes on third party intellectual property rights. Standard Terms of Service Version: v.14 Kent Pagel of 4 Bynder LLC Issued: 22, October 2021 C9 bynder 4.4 Bynder shall only access Customer Data: (a) upon the express consent or request of Customer; (b) to the extent required by applicable law or regulation or judicial proceeding; (c) to the extent Bynder believes in good faith that access is reasonably necessary to protect the property or rights of Bynder, third parties; and (d) to the extent reasonably necessary to provide the Product and carry out its obligations under the Agreement. S. Acceptable Use Policy 5.1 Except as otherwise provided in our Responsible Disclosure Policy located at www.bynder.com/en/legal/responsible-disclosure-12olicy Customer may not do any of the following while accessing or using the Product: (a) reverse engineer the Product or otherwise extract knowledge from or create derivative work of the Product; (b) test the vulnerability of any system or network or breach or circumvent any security or authentication measures, including without limitation, by scanning, penetrating testing and/or submitting the Product to bug bounty programs; (c) access or search the Product by any means (automated or otherwise) other than through interfaces that are provided by Bynder, unless Customer has been specifically allowed to do so in a separate written and executed agreement with Bynder; (d) use the Product to send altered, deceptive or false source -identifying information; or (e) interfere with or create an undue burden on the Product, including without limitation, by sending a virus, overloading or denying service, spamming or by scripting. 6. Bynder Responsibilities 6.1 Bynder shall meet the obligations set forth in the applicable SOW and provide support and maintenance services in accordance with the Service Level Agreement. 6.2 Except to the extent expressly set forth in any SOW, any measurements, specifications or other particulars provided in Bynder's drawings, images, catalogues, websites, offers, advertising material, standardization sheets, Product roadmap, etc. ("Specification Estimates") are estimates only, and Bynder shall not incur any liability, penalties, fines or other obligations if the Product fails to meet Specification Estimates for any reason. 7. Customer Responsibilities 7.1 Customer shall ensure that access to and usage of the Product are always in accordance with the Product Access Terms in Section 2. 7.2 Customer may not copy any documentation provided on the Product for anyone that is not an User. 7.3 Customer shall cooperate with Bynder to implement and maintain the Product, including without limitation, making available to Bynder in a timely manner any documents, data, designs, specifications or other information ("Specifications") reasonably requested by Bynder. 7.4 Customer expressly warrants that the Specifications it provides to Bynder are accurate and complete. Bynder shall not be liable for any problems or issues with the Product that are related to inaccurate Specifications. In the event Customer discovers it has provided Bynder with inaccurate Specifications, it shall notify Bynder immediately of the error. 7.5 In the event that Customer fails to provide Specifications in a reasonable timeframe or in accordance with a timeframe provided in any applicable Order Form, Bynder may halt work on any Products ("work Pause") until such time as the Specifications have been provided. Bynder shall inform Customer in writing of the commencement of a Work Pause. If a Work Pause lasts for more than 90 calendar days, Bynder may terminate the Agreement For Cause as provided in Section 19.5. 8. Third Party Products & API 8.1 A web browser and internet connection are required to access and use the Product. The Product may contain the application programming interface ("API") designed to interoperate with Third Party Products. No integration of any Third Party Product with the Product is required to use the Product. Subject to Section 8.3 below, by integrating the Product with any Third Party Product, Customer acknowledges that Bynder does not warrant or support any such integration, whether or not a Third Party Product is designated by Bynder as "certified" or "recommended" or otherwise. Bynder will have no liability whatsoever for damages, losses, or claims that arise from these integrations. 8.2 If Customer elects to enable, access, or use a third partys products, applications, services, software, networks, systems, directories, websites, databases, or information (collectively "Third Party Products"), Customer's access to and use of such Third Party Product is subject to the terms, disclaimers and policies of that third party provider. Bynder does not endorse, is not responsible or liable for, and makes no representations as to any aspect of such Third Party Products. Bynder cannot guarantee the availability (or continued availability) of any Third Party Product. Bynder shall not be liable for any damage or loss actually or allegedly caused by or in connection with Customer's enablement, access, or use of any such Third Party Products, or Customer's reliance on the privacy practices, data security processes, or other policies of such Third Party Products. Customer irrevocably waives any claim against Bynder with respect to such Third Party Products. 8.3 Bynder provides the following levels of support with regard to any integrations: (i) maintaining Bynder's API in accordance with the API endpoint usages stated in Bynder's API documentation; (ii) determining whether the API is functioning in accordance with the API documentation if an integration reported by Customer is malfunctioning; (iii) rectifying API malfunctions discovered under Section 8.3 (ii) that are the result of a deviation on Bynder's part from the API documentation. 9. Embedded Components 9.1 "Embedded Components" means third party products, applications, services, software, networks, systems, directories, websites, databases and information which are obtained or derived from a third party source outside of Bynder and made available to Customer in the Product. 9.2 Provided that it has no detrimental effect on the Product, Bynder may change such Embedded Components at any time. Unless otherwise expressly stated in the Agreement, Bynder is liable for any Embedded Components used in the Product. 10. Data Protection and Processing of Personal Data Standard Terms of Service Version: v.14 Kent Page 2 of 4 Bynder LLC Issued: 22, October 2021 C9 bynder 10.1 In providing the Product, Bynder will comply with Bynder's Global Privacy Policy, in effect from time to time and attached as Exhibit G to the Agreement. Bynder bases the processing of the Personal Data of Users on legitimate interest under applicable data protection law, to provide Customer with the necessary functionality required during the use of the Product and to develop and improve the Product(s). 10.2 To the extent that Personal Data is processed using the Product, the Parties acknowledge that Bynder is a Processor and Customer is a Controller and each Party shall comply with their respective statutory and regulatory data protection obligations. In as far and to the extent the EU General Data Protection Regulation applies to any Processing of Personal Data by Bynder on behalf of the Customer in connection with the Agreement, this Processing of Personal Data will be governed by Bynder's standard Data Processing Addendum ("DPA") attached as Exhibit H to the Agreement.. 11. Service Analyses 11.1 Bynder endeavors to continually improve the Product(s). In doing so, Bynder may collect metrics and information regarding Customer's use of the Product, including evaluating how Users use the Product ("Usage Data"). Usage Data is used to develop new features or improve existing features. The processing of Usage Data is based on Bynder's legitimate interest to analyze trends in order to assess and improve the overall user experience in the Product(s) to the extent it is necessary for Bynder's legitimate interest under, and in accordance with applicable data protection law. 12. Pricing, Payment Terms, and Refunds 12.1 Unless otherwise provided, all prices are in USD. 12.2 All prices are exclusive of sales taxes and other government taxes, banking fees, and regulatory fees that have been or are later imposed. Each Party agrees to pay any tax assessed to it by a competent tax authority. Customer shall remit payment in full to Bynder regardless of any taxes that are required to be deducted or withheld. 12.3 All payments are due 30 calendar days after receipt of an invoice. Customer shall be deemed to have received an invoice if Bynder has sent it to the email on the Execution Top Sheet of the Order Form. 12.4 If Customer uses a purchase order or similar system ("PO"), it must issue a PO upon execution of the Agreement, any renewal thereof, and any future add -on purchase. Any delay or failure in issuing a PO will not relieve Customer of its payment obligations under the Agreement. For the avoidance of doubt, Customer's general terms and conditions on a Purchase Order shall not apply. 12.5 If Customer fails to timely satisfy its payment obligations, Customer shall owe two percent per month or the highest rate permitted by law, whichever is lower, on the outstanding and undisputed amount without the need for Bynder to issue a demand or notice of default. 12.6 Bynder reserves the right to refer any invoiced, overdue and undisputed payment obligations (or any portion thereof) for collection. 12.7 After five business days' written notice, Bynder may suspend access to the Product if Customer has failed to timely satisfy its payment obligations. 12.8 Except as expressly set forth herein or in an applicable Order Form, all payment obligations are non -cancellable and all amounts paid are non-refundable. 13. Payment Disputes. 13.1 Any dispute of an invoice must be made by providing written notice to Bynder detailing the reasons for the dispute within 20 calendar days of receipt of the invoice. Customer must timely pay in full any undisputed amount under the invoice. 13.2 In the event a dispute arises between the Parties related to (a) whether amounts were properly charged; or (b) whether the Product, deliverables or services were properly provided or performed, Section 20 shall apply. 14. Confidentiality 14.1 "Confidential Information" means (a) information relating to the Agreement that is not generally known to the public or that constitutes a trade secret; (b) information that is owned, developed or otherwise acquired by either Party, including the Partys financial data, business plans, customer information, software, programming, systems and use documentation, technical information, technology, designs, ideas, inventions, data, data formats and files, and all copies and tangible embodiments thereof; (c) software originating from Bynder, and (d) other information that would reasonably be considered confidential. 14.2 While performing its obligations underthe Agreement, either Party may deliver Confidential Information to the other. If Party receives the Confidential Information of the other, such receiving Party shall (a) use such Confidential Information solely for the purpose of carrying out its obligations according to the Agreement, (b) hold such Confidential Information in confidence and take reasonable precautions to protect such Confidential Information (including all precautions that such Party employs with respect to its own confidential materials), (c) not divulge any such Confidential Information or any information derived therefrom to any third party and (d) only divulge such Confidential Information to those of its employees, representatives, and affiliates who have a reasonable need to know such information and are subject to confidentiality obligations at least as stringent as those in this Section 14. 14.3 The provisions of Section 14.2 may not apply (a) to any Confidential Information that (i) is or becomes (through no improper action or inaction by the receiving Party or any of its employees, representatives, or affiliates) generally available to the public; (ii) was in possession of or known by the receiving Party prior to receiving it from the disclosing Party; (iii) was properly disclosed to the receiving Party without any obligation of confidentiality; or (iv) was discovered or created by the receiving Party without reliance on such Confidential Information (as shown by the records of receiving Party); or (b) to disclosures to the extent required by applicable law or court order. 15. Publicity 15.1 Each Party hereby gives its consent to publication of the other Party's name and logo for marketing purposes. 16. Warranties Standard Terms of Service Version: v.14 Kent Page 3 of 4 Bynder LLC Issued: 22, October 2021 C9 bynder 16.1 Bynder hereby warrants to Customer that, as of the Effective Date: (a) it has the full right, power and authority to enter into, and fully perform its obligations under the Agreement; (b) it shall comply with all laws and regulations applicable to the performance of its obligations under the Agreement; and (c) it has not infringed upon the intellectual property rights of any third parties in granting Customer access to the Product for use in accordance with the Agreement. 16.2 Customer hereby warrants to Bynder that, as of the Effective Date: (a) it has the full right, power, and authority to enter into and fully perform its obligations under the Agreement; (b) it shall comply with all laws and regulations applicable to the performance of its obligations under the Agreement; and (c) it and Users will use the Product in accordance with the Agreement. 16.3 EXCEPT AS EXPLICITLY STATED IN THE AGREEMENT, THE PRODUCT IS PROVIDED BY BYNDER ON AN "AS -IS" BASIS. ALL OTHER WARRANTIES, WHETHER ORAL OR WRITTEN, EXPRESS OR IMPLIED OR CONTRACTUAL OR STATUTORY, ARE EXPRESSLY DISCLAIMED. WITHOUT LIMITATION, BYNDER DOES NOT WARRANT THAT (a) THE OPERATION AND/OR USE OF THE PRODUCT WILL BE UNINTERRUPTED OR ERROR -FREE; (b) THE PRODUCT WILL PERFORM IN EVERY OPERATING ENVIRONMENT; (c) ALL DEFICIENCIES OR ERRORS IN THE PRODUCT ARE CAPABLE OF CORRECTION; OR (d) THE PRODUCT MEETS CUSTOMER'S REQUIREMENTS OR EXPECTATIONS. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE SPECIFICALLY DISCLAIMED. 17. [OMITTED] 18. Limitations of Liability 18.1 NOTHING IN THE AGREEMENT SHALL LIMIT A PARTY'S (a) LIABILITY, OR WARRANTY OBLIGATIONS HEREUNDER WITH RESPECT TO CLAIMS OF (i) BODILY INJURYAND DEATH, OR (ii) GROSS NEGLIGENCE OR WILLFUL MISCONDUCT; AND (b) INDEMNITY OBLIGATIONS AS PROVIDED IN SECTION 17. 18.2 LIMITATION ON AMOUNT OF LIABILITY. WITHOUT PREJUDICE TO SECTION 18.1, IN NO OTHER EVENT SHALL THE AGGREGATE LIABILITY OF EITHER PARTY EXCEED THE MAXIMUM INSURANCE REQUIRED BY EXHIBIT A. 18.3 LIMITATION ON INDIRECT LIABILITY. FORCLAIMS NOT RESULTING FROM AN INDEMNIFICATION OBLIGATION OFTHE PARTIES, NEITHER PARTY MAY BE HELD LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, PUNITIVE DAMAGES (INCLUDING LOST OR ANTICIPATED REVENUES OR PROFITS), OR COST OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES ARISING FROM ANY CLAIM RELATING DIRECTLY OR INDIRECTLY TO THE AGREEMENT, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR OTHERWISE, EVEN IF SUCH PARTY WAS ADVISED OF OR OTHERWISE AWARE OF THE LIKELIHOOD OF SUCH DAMAGES. 18.4 If a third party seeks an injunction claimingthat the Product infringes the intellectual property rights of a third party, and that injunction is not dismissed within 30 calendar days, or if a court of competent jurisdiction issues a judgment that the Product infringes upon the intellectual property rights of a third party, Bynder shall, at its sole discretion: (a) obtain for Customer the right to continue using the Product; (b) replace or modify the Product so that it does not infringe such proprietary rights and may be used by Customer; or (c) reimburse to Customer any prepaid fees that relate to the infringing Product. 18.5 The Bynder Entities shall have no liability whatsoever to Customer for any expenses, damages and costs related to the non-functioning of the Product (whether in part or in whole) due to unavailability of the internet or due to changes in legislation or technical restrictions that limit access to or functionality of the Product. In the event of a change in laws or regulations in any of the countries in which Customer has Users, including changes to laws and regulations on cloud computing services, data protection and privacy, or Software as a Service, which impact Bynder's ability to offer the Product, Customer accepts that Bynder may limit the availability of the Product in a manner to be determined in Bynder's sole discretion, and Customer hereby releases Bynder from any liability relating to such limitation. Bynder makes no warranties or guarantees whatsoever in relation to the availability of the Product in China. Neither the Service Level Agreement nor any other service agreement applicable to Customer's use of a Bynder Product will apply to use of such Product by Users within China. 19. [OMITTED] 20. [OMITTED] 21. [OMITTED] Standard Terms of Service Version: v.14 Kent Page 4 of 4 Bynder LLC Issued: 22, October 2021 EXHIBIT C ACCEPTABLE USE POLICY Bynder Acceptable Use Policy This Acceptable Use Policy ("AUP") describes acceptable use of and access to any Product offered by Bynder, including any Mobile Apps, whether it is provided directly or through another party. By accessing or using the Products, Customer agrees to the terms of this AUP and will be held responsible for any violations hereof. Without Customer's agreement to abide by this AUP, Bynder cannot provide the Products. Use of the Bynder Products shall be subject to the Bynder Global Privacy Policy, attached as Exhibit H to the Agreement Unless otherwise defined herein or in the Agreement between Customer and Bynder, all capitalized terms used within this AUP have the following meaning: Customer: a company, or its representative, with a current agreement with Bynder for thepurchase of Products or a user of a free trial version of Bynder. Customer Data: all items uploaded to the Products Intellectual Property Rights: all and any copyright, know-how, rights in inventions, patents, trade secrets, trademarks and trade names, service marks, design rights, rights in get-up,database rights and rights in data, the right to sue for passing off, utility models, domain names, rights in goodwill and all similar or equivalent rights and in each case, whether registered or not, including any application to protect or register such rights and all renewals and extensions of such rights or applications, whether vested, contingent or future, and wherever existing. Products: Bynder software products and services, including Bynder trial versions, additional products purchased, and any modified, updated or enhanced versions of such products and services that Bynder may make available. 1. Prohibited use and content. Customer may not upload Customer Data or use the Products in a manner that: 1.1 violates any local, state, national, foreign or international Regulations, including data protection and privacy regulations, or fails to secure all required consents from data subjects; 1.2 advocates or induces illegal activity; 1.3 infringes or misappropriates the Intellectual Property Rights of another party; 1.4 publishes, posts, uploads, or otherwise distributes any software, music, videos, or other material protected by intellectual property laws (or by rights of privacy or publicity), unless Customer has all rights and consents required to do so; 1.5 is threatening, abusive, harassing, stalking or defamatory; 1.6 is deceptive, false, misleading or fraudulent; 1.7 modifies, alters, tampers with, repairs, reverse engineers, disassembles, decompiles or otherwise creates derivative works of any software included in the Acceptable Use Policy Public Page 1 of 5 Bynder BG.AUP.0011.2_Kent Products (except to the extent this is expressly permitted under a separate license agreement for the creation of derivative works); 1.8 is invasive of another's privacy or otherwise violates another's legal rights (such as rights of privacy and publicity); 1.9 involves uploading files that contain viruses, malware, corrupted files, or any other similar software or programs that may damage the operation of another person's computer; 1.10 interferes with or disrupts the Products or servers or networks connected to the Products; 1.11 uses any high volume automated means (including robots, spiders, scripts or similar data gathering or extraction methods) to access the Products or any other accounts, computer systems, or networks connected to the Products (each a "System"); 1.12 downloads any file that Customer knows, or reasonably should know, cannot be legally distributed in that way; 1.13 falsifies or deletes any author attributions, legal or proprietary designations, labels of the origin or source of software, or other material contained in a file that is uploaded; 1.14 restricts or inhibits any other Customer from using the Products; 1.15 harvests or otherwise collects information about others, including e-mail addresses, without their consent; 1.16 violates the usage standards or rules of an entity affected by Customer's use, including without limitation any internet service provider (or ISP), ESP, or news or user group (including, for example, circumventing or exceeding equipment use rights and restrictions and/or location and path identification detail); and/or 1.17 is legally actionable between private parties. 2. Customer will use the Products for Customer's internal business purposes and will not violate the security or integrity of a Product in any way, including but not limited to: 2.1 willfully tampering with the security of the Products; 2.2 accessing data on the Products not intended for Customer; 2.3 logging into a server or account on the Products that Customer is not authorized to access; 2.4 attempting to probe, scan, or test the vulnerability of any Products or to breach the security or authentication measures without proper authorization; 2.5 willfully rendering any part of the Products unusable; 2.6 attempting to gain unauthorized access to any portion of the Products whether through hacking, password mining, or any other means; 2.7 monitoring data or traffic on a system without permission; 2.8 leasing, distributing, licensing, selling, or otherwise commercially exploiting the Products or making the Products available to a third party other than as contemplated in the Agreement; Acceptable Use Policy Public Page 2 of 5 Bynder BG.AUP.0011.2_Kent 2.9 using the Products for timesharing or service bureau purposes, or otherwise for the benefit of a third party without our prior written consent; and/or 2.10 providing to third parties any evaluation version of the Products without our prior written consent. 3. No SPAM Permitted; Email Opt -Out Requirements Customer may not use the Products in any way (directly or indirectly) to send, transmit, handle, distribute or deliver: 3.1 unsolicited email ("spam" or "spamming") or commercial electronic messages in violation of the CAN-SPAM Act, Directive 2002/58/EC, or Canada's Anti -Spam Legislation, Dutch Telecommunications Act 1998 ("telecommunicatiewet") or any other applicable laws; 3.2 email to an address obtained via Internet harvesting methods or any surreptitious methods (e.g., scraping or harvesting); or 3.3 email to an address that is incomplete, inaccurate and/or not updated for all applicable opt -out notifications, using best efforts and best practices in the industry. Customer warrants that Customer will promptly comply with all opt -out, unsubscribe, "do not call", and "do not send" requests from users of Customer's services and recipients of Customer's emails. Customer further warrants that each email Customer sends or which is sent on Customer's behalf using the Products will contain: 3.4 header information that is not false or misleading; and 3.5 an advisement that the recipient may unsubscribe, opt -out or otherwise demandthat use of its information for unsolicited, impermissible, and/or inappropriate communication(s) as described in this AUP be stopped, and must clearly indicate how the recipient can notify Customer that it wants to unsubscribe, opt -out, or stop this use of its information. These requirements may not apply if the email concerned is strictly transactional in nature and/or these requirements are otherwise subject to a legal exception. 4. Prohibited Email Content and Formatting; Email Best Practices Customer is prohibited from using the Products to send emails to addresses acquired from purchased lists. Emails sent or caused to be sent to or through the Products may not: 4.1 contain false or misleading information or content or use or contain invalid orforged headers or invalid or non-existent domain names; 4.2 employ any technique to otherwise misrepresent, hide, or obscure any informationin identifying the point of origin or the transmission path or any other means of deceptive addressing; 4.3 use a third party's internet domain name without their consent, or be relayed fromor through a third party's equipment without the third party's permission; and/or Acceptable Use Policy Public Page 3 of 5 Bynder BG.AUP.0011.2_Kent 4.4 use Bynder's trademark(s), tagline(s), or logo(s) without our prior written consentand, with such consent, only pursuant to the limits placed on any such use. 5. Bynder Trademark Use Unless Customer has Bynder's express prior written permission, Customer may not in any way use, remove, or alter any name, logo, tagline, or other mark of Bynder or the Products,or any identifier or tag generated by the Products, including without limitation: 5.1 as a hypertext link to any website or other location (except as provided for orenabled expressly by us); and/or 5.2 to imply identification with Bynder as an employee, contractor, agent, or any other similar representative capacity. 6. Customer Reporting Suspected Violations Customer can report abuse of this AUP to legalla�bynder.com. If Customer is the recipient of email messages sent using the Products that Customer knows or suspects were sent in violation of this AUP, Bynder encourages Customer to report this to Bynder by forwarding an unaltered copy of the received email. 7. Assessing Compliance with the AUP Bynder has the sole discretion to determine whether Customer Data or Customer's use of the Products is prohibited. All Customer Data that is provided to Bynder or actions that are performed via Customer's account, whether provided or performed by Customer's employees, Customer's contractors, or Customer's customers and end users, are the sole responsibility of Customer. 8. Monitoring and Enforcement Bynder may: 8.1 investigate violations of this AUP or misuse of the Products; 8.2 take measures to prevent security threats, fraud, or other illegal, malicious, or inappropriate activity; 8.3 notify Customer of violations of this AUP or misuse of the Products, remove any prohibited materials and/or deny access to any person who violates this AUP; 8.4 suspend or terminate use of the Products being used in a way that violates thisAUP or any other agreement Customer has with Bynder for the use of the Products; 8.5 use its discretion in developing and implementing mechanisms to enforce this AUP; 8.6 report any Customer activity that it suspects violates any law or regulation to appropriate law enforcement officials, regulators, or other appropriate third parties. Bynder's reporting may include disclosing Customer information, as necessary. Acceptable Use Policy Public Page 4 of 5 Bynder BG.AUP.0011.2_Kent 8.7 disclose information regarding Customer's use of any Products to satisfy any law, regulation, government request, court order, subpoena, or other legal process. If Bynder makes this type of required disclosure Bynder will notify Customer, unless Bynder is required to keep the disclosure confidential. 9. Fair Use We aim to ensure that all of our Customers enjoy fast and reliable service. 9.1 The following traffic prices apply: Traffic Price per GB First 8 TB per month 0.00 0.15 USD More than 8 TB per month 0.13 EUR 0.11 GBP More than 350 TB per month Bynder will contact Customer 9.2 Bynder monitors each Customer's outgoing traffic volume. Any outgoing traffic volume in excess of 8 TB per month ("Additional Traffic") will attract costs as stated in the above schedule. 9.3 Bynder will invoice each Customer for its Additional Traffic, if any, on a monthly. Such invoices are subject to the Payment Terms in the Agreement between Bynderand Customer. 10. Updates to the AUP This AUP may be updated upon written agreement of the parties. Acceptable Use Policy Public Page 5 of 5 Bynder BG.AUP.0011.2_Kent EXHIBIT D SERVICE LEVEL AGREEMENT W bynder Service Level Agreement v. 12.6 This Service Level Agreement ("SLA") forms part of the Software as a Service agreement between Customer and Bynder ("Agreement"). In the event this document is translated into any other languages, the English version shall be authoritative. Bynder encourages Customer to review the online SLA periodically. 1. Introduction This SLA describes the levels of Product availability and support that Customer can expect to receive from Bynder for the duration of the Agreement. 2. Definitions As used in this SLA, the following terms shall have the meanings specified below. Any capitalized terms not defined herein shall have the meaning attributed to them in the Agreement. In this SLA the singular includes the plural and vice versa; the words "month", "year", and "quarter" mean calendar month, calendaryear, and calendar quarter, unless otherwise stated; and the word "including" (or any analogous word or phrase) means "including without limitation". Business Day 08:30 to 18:00, local time for the contracting Bynder entity, not including Saturday, Sunday or a public holidays. Degraded a lower quality of service as described in this SLA (e.g. temporarily broken or Performance temporarily unavailable functionality). Downtime the period of time during which the Product is wholly unavailable to Customer, including maintenance occurring outside of Maintenance Hours for which less than 24 hours' notice was provided to affected Customers. However, Downtime shall not include: Scheduled Maintenance; Degraded Performance; factors outside of Bynder's control, including any Force Majeure Events; failures of the internet; acts or omissions of Customer and its Users; and enforcement of state or government Regulations. Knowledge Base Bynder help portal located on the Bynder website (support.bynder.com) that publishes information on how to perform tasks in the Product and responds to frequently asked questions. Maintenance Hours MondaytoFridayfrom00:00-04:000TC, all day Saturday, and Sundayfrom13:00 - 04:00 UTC. Resolution Time the time that elapses from the Response Time until the alert is resolved. Response Time measures the time that elapses between the receiving of an alert and the time of commencing work on the issue. Service Level Agreement Public Page 1 of 6 Bynder BG.SLA.0013_Kent W bynder Scheduled planned outages, either suspending service in full or in part, which Bynder will Maintenance endeavour to announce at least 5 days in advance, and in any case will announce no later than 24 hours in advance, which will not exceed a reasonable period of time for the maintenance required and which, where possible, shall take place during Maintenance Hours. SLA Effective Date the Project Start Date stated in the Agreement or applicable Statement of Work and the date this SLA enters into force. Ticket an electronic request sent to Bynder by Customer (e.g. requesting a solution to an incident). Uptime as calculated in accordance with this SLA. 3. Scope of the Service Level Agreement This SLA applies only to the Product and Professional Services described in the Agreement or applicable Statement of Work. This SLA does not apply to any software, equipment, services, or other parts of an information technology system that are not purchased from or managed by Bynder. Bynder will rectify material issues with the Product, except where: 3.1 the issue has been caused by Customer's use of the Product in a manner that is contrary to Bynder Training, Knowledge Base, or any other instruction issued by Bynder; 3.2 Customer has made unauthorized changes to the configuration or set-up of the affected Product; 3.3 Customer has prevented Bynder from performing maintenance on the Product; 3.4 the issue has been caused by Third Party Products; or 3.5 the issue has been caused by User(s), including by modifying part of the software or by adding, deleting, or assigning improper rights to Users. 4. SLA Effective Date and Term This SLA will be effective from the Project Start Date and will terminate without further notice and without right to compensation or restitution upon the expiry or termination of the Agreement or applicable Statement of Work. S. Responsibilities Bynder responsibilities: 5.1 ensure the relevant Product and Professional Services are available to Customer in accordance with the Uptime guarantee; 5.2 respond to support requests within the timescales listed below; 5.3 take steps to escalate, diagnose, and resolve issues in an appropriate and timely manner, including the allocation of a sufficient number of skilled staff and the collection of necessary information; and 5.4 maintain clear and timely communication with Customer at all times. Customer responsibilities: 5.5 use the Product as intended under the Agreement; 5.6 notify Bynder of issues or problems in a timely manner and as thoroughly as is possible; Service Level Agreement Public Page 2 of 6 Byncler BG.SLA.0013_Kent W bynder 5.7 cooperate with Bynder in its efforts to escalate, diagnose, and resolve issues by providing timely and accurate responses to requests for information; 5.8 in case of anA-Priority Alert, ensure the availability of a sufficient number of skilled Customer employees to cooperate with Bynder; 5.9 provide Bynder with access to equipment, software, and services for the purposes of maintenance, updates, and fault prevention; and 5.10 maintain staff with adequate information technology knowledge to fulfil these responsibilities. 6. Availability Bynder guarantees 99.9% Uptime each month 24 hours a day 7 days a week ("Agreed Hours of Service"). Uptime is measured based on the monthly average of availability, rounded down to the nearest minute, and calculated as follows: Uptime %= 7. Service Credits Agreed Hours of Service - hours of Downtime Agreed Hours of Service 100% Should Uptime fall below 99.9% in any month, Bynder will pay liquidated damages in the form of a Service Credit, which is calculated as follows: Uptime < 99.0% 100% of monthly Subscription Fee Uptime >_ 99.0% and less than 99.9% 99.9%-Uptime ° � monthly Subscription Fee' 50% 0,9 /o Uptime >_ 99.9% 0% of monthly Subscription Fee To apply for a Service Credit under this SLA, Customer must submit a request to support@bynder.com, within 30 days of the end of the applicable month with the subject line "SLA Service Credit". The request must include the dates and times of the Downtime for which Service Credit is being requested, and any additional documentation that demonstrates the claimed Downtime. Service Credits are the exclusive remedy for Bynder's failure to meet its Uptime guarantee and no other or additional types of damages can be claimed, including breach of warranty. In the event there are no new invoices to be issued, Bynder will pay out the Service Credit to Customer directly. 8. Response Time and Resolution Time In the event of an alert, Bynder is deemed to have responded when it has replied to Customer's initial request. This may be in the form of an email or telephone call, to acknowledge receipt of Customer's request, provide a solution, or request further information. The Response Time and Resolution Time will depend on the priority of the item(s) affected and the severity of the alert, as set out in the following schedules: Alert Type Issue severity Response Time Resolution Time A -Priority Highly critical alert. Product is not available Within 1 hour Within 4 hours, inclusive Alert for use or a significant proportion of the of the A -Priority Alert contracted functionalities are not available. Response Time. Service Level Agreement Public Page 3 of 6 Byncler BG.SLA.0013_Kent W bynder B-Priority Critical alert. One or more elements of the Within 24 hours Within 24 hours, exclusive Alert Product critical to the functioning of of the B-Priority Alert Customer's business have ceased to respond Response Time. completely or respond extremely slowly. C-Priority Non -critical alert. One or more elements of Within 48 hours Within 48 hours, exclusive Alert the Product have ceased to respond of the C-Priority Alert completely or respond slowly and a Response Time. workaround is available. D-Priority Notification of minor issue that does not Within 48 hours Best effort. Alert prohibit Customer from utilizing Product in any material way. For Starter Success Package Customers, the following Response Times and Resolution Times apply: Alert Type Issue severity Response Time Resolution Time A -Priority Highly critical alert. Product is not available Within 4 hour Within 8 hours, inclusive for use or a significant proportion of the of the A -Priority Alert KMM contracted functionalitie5,are not available. J11111111111111 Respon B-Priority Critical alert. One or more elements of the Within 24 hours Within 24 hours, exclusive Alert Product critical to the functioning of of the B-Priority Alert Customer's business have ceased to respond Response Time. completely or respond extremely slowly. NE -Priority Non -critical alert. One or more elements of Within 48 hours Within 48 hours, exclusive Alert the Product have ceased to respond of the C-Priority Alert completely or respond slowly and a Response Time. workaround is available. D-Priority Notification of minor issue that does not Within 48 hours Best effort. Alert prohibit Customer from utilizing Product in any material way. 9. Bynder's Storage & Infrastructure Bynder uses Amazon Web Services (AWS) to provide its Product via a cloud -based storage application called AWS S3. AWS S3 offers the possibility to store a virtually unlimited amount of data with a guaranteed data durability of 99.999999999%. Bynder offers Customer the option to host Customer Data either on servers located in Frankfurt, Germany or globally. Customer will be required to select its data hosting location in the applicable Statement of Work. To provide the module Bynder Video Brand Studio, Bynder uses Google Cloud Storage (GCP) with data hosting in Europe. Service Level Agreement Public Page 4 of 6 Bynder BG.SLA.0013_Kent CO bynder 10. Problem Management Bynder Support regularly analyses all Customer Tickets in order to identify trends and bottle necks. Based on these findings, Support updates the Knowledge Base with information explaining the solution to "known errors". In order to respond to FAQs and help Customers to resolve common problems without needing direct assistance from Support, Bynder maintains the Knowledge Base on the Bynder website (support.bynder.com). Bynder Support has defined four general types of FAQs: • Technical issues are related to a particular bug, security or backup failures, or any other type of non- functioning of the Product. Example: "A video previewisn'tshowing." • User questions arise from instances when the system fails to be self-explanatory. Bynder works hard to prevent these questions and reduce them to an absolute minimum. Example: "How do I upload an image?" • Requests are requests to change the Product, features or settings. Example: "Can you setup a new filter in our environment?" • Content questions are related to the contents of Customer Data itself. Customer is the creator and controller of its Customer Data, and is therefore tasked with providing User support for these questions. Example: "The model is wearing the wrong trousers — we need an image from a different collection." 11. Help Desk If your question is not resolved via the Knowledge Base, the Bynder help desk can be contacted by email anytime via su000rt(@getbynder.com, or by telephone during applicable office hours: 09:00 to 18:00 (Amsterdam local time): +31 (0) 20 820 37 40 09:00 to 18:00 (Boston local time): +1 (857) 310 5434 12. Security Bynder provides its Product and Professional Services in accordance with IEC/ISO 27001:2013 and has an Information Security Policy, which is available upon request. 13. Backups The Bynder team secures backups of all data and code in the following manner: • Incremental backups of all uploaded media on multiple back-up servers (daily). • Full backups of the database (hourly, retention of 7 days). • Backups of the file database (monthly, on separate AWS S3 servers). • For Bynder Video Brand Studio, hosted on GCP, daily backups of the database In the (unlikely) event of damage or outage at Bynder's data hosting locations, Bynder will restore Customer's data from the most recent backup. This will be treated as an A -Priority Alert. At Customer's request, a backup or a part of a backup can be restored within 48 hours for a fee negotiated in the Agreement or charged on a time and material basis. Service Level Agreement Public Page 5 of 6 Bynder BG.SLA.0013_Kent Co bynder 14. Release Policy Bynder releases the Product via Continuous Integration and Continuous Delivery. This means that whenever a new feature or release of Bynder is ready, it can be deployed to the production clusters at any moment. The main application is typically released once a day. All perimeter applications are deployed to production continuously when a build is succeeded on the continuous integration servers. Urgent bug fixes that impact availability and critical features are applied immediately on production servers in accordance with the Resolution Time schedule. Third party components in use by Bynder (e.g. Ubuntu, Oracle Java JRE, Python, etc.) are updated automatically every night (in the UTC time zone), whenever critical updates become available via the "unattended upgrades" mechanism provided by Ubuntu. 15. Software Improvements Bynderwill make available to Customer new versions, releases, and updates to the Product to solve defects and/or errors, keep the Product up-to-date with market developments, or otherwise improve (the operation or functionality of) the Product. These improvements may include bug fixes. Bynder will only support the most recent version of the Product. New versions, releases, or updates will contain at least the level of functionality as set out in this SLA and as contained in the version or release of the Product previously used by Customer, and will not otherwise negatively impact Customer's use of the Product. Byndershall make reasonable efforts to ensure that when performing such actions, the impact on Customer and its User(s) is limited. 16. Updates to the SLA This SLA may be updated upon written agreement of the parties. Service Level Agreement Public Page 6 of 6 Bynder BG.SLA.0013_Kent EXHIBIT E NTEGRATIONS TERMS OF USE C/J bynder Integrations Terms of Use BynderBV Introduction These Integrations Terms of Use describe how Bynder provides and supports integrations. By accessing or using integrations, Customer agrees to be bound by these Integrations Terms of Use. To the extent not covered in these Integrations Terms of Use the Agreement between Customer and Bynder will apply. By entering into these Integrations Terms of Use on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to these Integrations Terms of Use. 2. Bynder Applications Please note that integrations developed by Bynder ("Bynder Applications") connect the Product with other software and are not required to use the Product. Bynder has no control over the product roadmap and development of such other software. Even so, Bynder will make reasonable efforts to keep Bynder Applications compatible with the other software. By using Bynder Applications, Customer acknowledges that they are provided "as is", without warranty of any kind, whether express or implied, except for those expressed in the Agreement. Except as stated in the Agreement, Bynder will have no liability whatsoever, including indemnification for damages, losses, or claims that arise from Bynder Applications, including from any modification, combination, or development of Bynder Applications that are not performed by Bynder. 3. Non-Bynder Applications Customer acknowledges that certain software features may be available that integrate with the Product which are developed, provided, or offered by third party providers ("Non-Bynder Applications"). Such Non-Bynder Applications are not required to use the Product. Bynder does notwarrant and is not responsible or liable for any aspect of Non-Bynder Applications, regardless of whether they are designated or promoted by Bynder as "certified," "approved", "recommended", or similar; offered directly by Bynder or via its app marketplace; or discussed during any promotion or sales process. The terms and conditions of Customer's use of Non-Bynder Applications are strictly between Customer and the third party provider. Customer agrees that, if it chooses to use Non-Bynder Applications, Bynder may grant third party providers access to the Customer Data to the extent required for the interoperation of such Non-Bynder Applications with the Product, and Bynder shall not be responsible for any resulting or related disclosure, modification, or deletion of Customer Data. 4. Integrations Support For Bynder Applications, Bynder will provide the level of support included in Customer's Subscription. For Non-Bynder Applications, Bynder will not be obligated to provide support beyond maintaining the basic information included in the Knowledge Base and Customer will seek support from that third party directly. Please rest assured that, Bynder is still responsible for: (i) maintaining its API in accordance with the API endpoint usages stated in Bynder's API Documentation; (ii) taking steps in case of a malfunctioning integration in order to determine if the API is functioning in accordance with the API Documentation; and (iii) rectifying API malfunctions discovered under (ii) that are the result of a deviation on Bynder's part from the API Documentation. 5. API For application programming interface (API) usage, please consult the Bynder API Terms of Use (Exhibit F). Integrations Terms of Use Page 1 of 1 Bynder BV LEU.ITU.0011.0_Kent Issued: 22 October 2021 EXHIBIT F API TERMS OF USE API Terms of Use Thank you for choosing to use and develop on the Bynder API. To use the API, Customer shall accept these terms and all other operating rules, policies, and other procedures that are part of its Agreement (collectively, the "Terms"). If not defined here, capitalized terms have the mean ingstated in the Agreement between Customer and Bynder. 1 API Access 1.1 Authorization. By using the API, you acknowledge that you are authorised to bind Customer, have read and understood the Terms, and agree on Customer's behalf to the Terms in their entirety. If you do not, or are not able to make these statements, you are prohibited from using the API. 1.2 License. Except as stated in these Terms, Bynder hereby grants to Customer a limited, non-exclusive, non -assignable, non -transferable, revocable license, to access and use the API and to build integrations between the API and other software applications, websites, or products (collectively, "Applications") for Customer's internal business purposes. This license is subject to the limitations set forth in the terms below. If Customer violates these restrictions, Bynder will automatically terminate Customer's API license. 1.3 Third Party Access. These Terms will apply to Customer and anythird parties and end users to which Customergives API access. As such, Customer shall cause third parties and end users to comply with the Terms, and will be responsible for any such third party and end user access as if it were by Customer itself. 2 Use of API 2.1 API Documentation. The API documentation is available at bvnder.docs.apiarv.io/ (v4) and bynderapiv5.docs.apiary.io/ (v5) and describes how to effectively use the API and build integrations with other Applications. Please note that parts of the API might be undocumented. Given that these undocumented aspects of the API may change at any time, Customer shall not rely on these behaviours. 2.2 Limits. Bynder sets and enforces limits on Customer's use of the API in Bynder's sole discretion and may change the limits from time to time by updating the API documentation. Customer shall not attempt to exceed or circumvent limitations on access, calls, or other uses of the API, and shall not otherwise use the API in a manner that is excessive, abusive, or otherwise fails to complywith the API documentation. 2.3 API Restrictions and Responsibilities. Customer shall not: (i) use the API to replicate or compete with core products or services offered by Bynder; (ii) sell access or sublicense the API for use by a third party; (iii) transmit any malware or other computer program that may damage, harmfully interfere with, surreptitiously intercept, or expropriate any system or data; (iv) reverse -engineer or attempt to extract the source code from the API or any other Bynder product or service; (v) cache or store Customer Data accessed via the AN other than for reasonable periods in order to use Customer's Application; (vi) engage in any deceptive, misleading, illegal, or unethical activities or other activities that may be detrimental to the API, Bynder, Bynder's customers, or the public; (vii) conduct penetration tests or vulnerability scans of the API and other Bynder systems or networks without the prior written permission of Bynder and outside of the scope of Bynder's Responsible Disclosure Policy. 2.4 Monitoring. Bynder may monitor Customer's use of the API to ensure quality, improve Bynder's products and services, and verify Customer's compliance with the Terms. Upon Bynder's request, Customer shall assist Bynder in such efforts by providing information about Customer's Application and storage of Customer Data, which may also include providing access to Customer's Application and other materials related to Customer's use of the API. 2.5 Confidential Matters. Customer shall keep confidential all AN access credentials, passwords, and tokens, and shall endeavour to prevent and discourage third parties from making unauthorised use of Customer's credentials. 3 Use of Bynder Trademarks, Attribution, and Publicity API Terms of Use PUBLIC Page 1 of Bynder BG.API.1.1_Kent Updated: 22 October 2021 3.1 Customer shall not modify Byn der Trademarks and shall only use them in accordance with the requirements in this section and onlywhilethese Terms are in effect. "BynderTrademarks" includes the Bynder name and logo, anyword, phrase, image, or other designation that identifies the source or origin of any of Bynder's products or services. 3.2 Customer shall: (i) only use Bynder Trademarks as made available to Customer by Bynder; (ii) only use Bynder Trademarks in connection with Customer's Application; and (iii) immediately discontinue the use of Bynder Trademarks upon Bynder's request. Customer shall not use Bynder Trademarks in a disparaging, misleading, or confusingway, including suggesting partnership with or sponsorship, endorsement, or approval by Bynder. 4 Reservation Atany point in thefuture, Bynder may: (i) modifytheAPI and require Customerto usethose modified versions; or (ii) independently develop products or services that may compete with Customer's Application. These API Terms of Use may be changed by written agreement of the parties. These API Terms of Use were last updated on: 22 October 2021 API Terms of Use PUBLIC Page 2 of 2 Bynder BG.API.1.1_Kent Updated: 22 October 2021 EXHIBIT G GLOBAL PRIVACY POLICY W bynder Global Privacy Policy Bynder understands that visitors to our website ("the Website"), potential customers, and Users of Bynder products ("Products") care about how their information is collected, used, processed, transferred, stored, and shared. This Global Privacy Policy describes Bynder's commitment to protecting your privacy. It forms a part of our Website Terms of Use, Trial Terms of Use, and Standard Terms of Service, and all other documents incorporated therein ("Terms"). Any capitalized terms not defined in this Global Privacy Policy are defined as set out in the Terms. Please familiarize yourself with this Global Privacy Policy. This Global Privacy Policy is formally reviewed annually and is updated as often as necessary. Updates will be posted publicly on the Website. If we make substantive changes to the purposes and policies set out here, we will update this page and we will inform Product Users by email or in -application notification. This Global Privacy Policy provides information on how Bynder handles data as a data controller, meaning all data we process for our own purposes. Where Bynder is a processor or a sub -processor of data, that activity is generally governed by a Data Processing Agreement. What We Collect and How We Use It 1.1 Website When you visit the Website, you are not required to actively provide any information, but we may collect some of your Personal Data and Navigation Information, as set out in Section 1.3 below. We collection some Personal Data, and we may collect some Navigation Information, when you contact us via the Website chat function, sign up to download or receive information from us, or sign up to use our Products. Some information is collected via the Website using cookies. See our Cookies Policy. 1.2 Bynder Products We may collect Personal Data and Navigation Information from Users of our Products to help us provide, administer, and improve our Products. In order to use the Products, you will need to provide your full name and email address to us. To make changes to the permissions you give us, please visit your Bynder User profile. 1.3 Collected Data "Personal Data" refers to any information that can be used to identify you personally. For our purposes, this may include your (first and last) name, email address, User ID, company name, address, phone number and information about you that is publicly available online via sites like Facebook, Linkedln, Twitter, and Google, data you write in a contact form, your project role, your uploads, your preferences and your account settings. "Navigation Information" refers to information about your computer, device, visits to the Website, and use of the Products. For our purposes, this includes which website you visited prior to visiting us or which link or campaign you clicked on to reach our website, your IP address, geographical location (city and/or country), browser type and version, IS information, referral source, length of visits, pages viewed, language preferences and heat mapping. In some cases Navigation Information may also be Personal Data. Generally, we may use your Personal Data and Navigation Information for the following purposes: a. Persona lizing the Website forthe legitimate purpose of improvingyour browsing experience. We retain Personal Data processed forthis purpose until your browsingsession with us has ended or until such time as you no longer have a profile with us; b. Managingyour Bynder account in performance of our agreement. We retain Personal Data processed for this purpose until we receive an actionable request to delete a User's Personal Data, or in the case of termination or expiration of our agreement with a customer, we delete Personal Data as agreed in the Terms; c. Understanding User preferences for the legitimate purpose of improving our Products. We may retain Personal Data processed for this purpose until you withdraw your consent; d. Linkingyour information to learn your preferences and those of people like you for the legitimate purpose of improving our offerings. We may retain Personal Data processed for this purpose until you withdraw your consent; and e. Contactingyou for direct marketing purposes. We may retain Personal Data processed for this purpose until you withdraw your consent. 1.4 Supporting Suppliers The Website and Products integrate some services provided by third parties. We may share some of your information with these suppliers so they can provide their services, including payment processing, removing repetitive information from prospect lists, analyzing data, marketing support, customer and/or User profiling, business development, and customer service. To ensure that your Personal Data is collected, processed, used, stored, and transferred securely and in accordance with applicable law, Bynder uses third parties that provide sufficient guarantees to implement appropriate technical and organizational measures to protect your information. For such third parties that may transfer Personal Data outside the European Economic Area, Bynder confirms that it implements appropriate safeguards for such transfers (e.g. EU Standard Contractual Clauses, and binding corporate rules). Please note, the terms and privacy policies of such third parties may apply to you as well, in particular: Google Analytics, Drift, Google Optimize, Google Ads, Google Tag Manager, Google Recaptcha, Walkme, Dtiar, Amplitude, Segment, Stripe, Appcues, Salesforce, Salesforce Pardot, Bizible, Clearbit, Rollworks, Mavenlink, Sisense, and Zendesk. Your acceptance of applicable third party terms is required to access the Website and Products. Disclaimer: This overview of supporting suppliers provides a current view. Bynder strives to keep this list as up to date as reasonably possible. Global Privacy Policy Public Page 2 of 5 GPP.0011.6 Updated: 24 June 2021 1.5 Third -Party Websites The Website and Products may contain links to third party websites. Such links do not amount to an endorsement of such other websites. Bynder is not responsible for otherwebsites. 1.6 Social Media Buttons On our Website we use the social media plug -ins from Face book, Twitter, Linkedln, Vimeo, and YouTube, each marked with its logo. Plug -ins are also used for the embedded video players on our Website. We have implemented these plug -ins using a two -click solution. When you surf on our Website, no information is initially collected by social media plug -ins. if you click on one of the plug - ins or videos will your information be transmitted. When you activate a plug-in, data is automatically transmitted to that provider. These social media platforms have their own data privacy policies. 1.7 Customer Testimonials We publish customer testimonials on the Website or in other marketing materials which may contain some Personal Data. Bynder obtains consent from the customer and the featured individuals prior to publication. This consent maybe withdrawn by email to privacy@bynder.com. 1.8 Information of Children The Website and Products are for business use and are not intended for or targeted toward children under 16 ("Children"). We do not knowingly collect any information about Children. We encourage parents and legal guardians to monitorthe internet usage of their Children and ensure they do not provide personal information to Bynder. If you believe that we have collected information about Children, please contact us at privac�(@bynder.com so that we can delete the information. 1.9 We Do Not Sell Personal Data We do not sell your Personal Data. 2. Personal Data Retention and Security 2.1 Retention of Personal Data We retain Personal Data for as long as we reasonably consider it to be necessary for the purposes for which it was collected, after which time we will delete the information. You can request deletion of your Personal Data as described in Section 3 below. 2.2 Security of Personal Data Data security is a matter of critical importance. Bynder uses a wide range of security measures to safeguard your data against unauthorized access and disclosure and we continually evaluate our security program to ensure its effectiveness. Amazon Web Services provides our servers and maintains them in high -security controlled environments pursuant to the AWS Cloud Security oolicy. Global Privacy Policy Public Page 3 of 5 GPP.0011.6 Updated: 24 June 2021 2.3 Transfer of Personal Data As an international company with customers and Users worldwide, we may transfer and access Personal Data around the world, including to and from the United States. To comply with applicable law, we maintain strong data protection and privacy controls to protect your Personal Data during cross -border and international transfers, as well as during periods of storage in foreign countries (e.g. EU Standard Contractual Clauses, and binding corporate rules). We believe that your essential privacy rights are not contingent on your nationality or residency. While applicable law always governs data privacy matters, we intend forthis Global Privacy Policy to apply generally to Users and their Personal Data around the world. Nevertheless, privacy law is a constantly changing landscape so we reserve the right to deviate from this Global Privacy Policy where applicable law provides for a different approach. 2.4 Required Disclosure of Your Personal Data We may use or disclose your Personal Data if we reasonably determine that such use or disclosure is necessaryto (a) protect our rights, operations, or Users; (b) comply with applicable laws, a valid court order, or other legal process; or (c) otherwise perform our contractual obligations with our customers. We may transfer the data we control, including Personal Data, in the event of a company reorganization, merger, or sale. 3. Your Data and Your Rights As a general matter, depending on local data protection laws, you have rights that may include: • Clear information on our processing of your Personal Data; • Accessyour Personal Data thatwe hold, togetherwith the right to have inaccuracies corrected; • To have your Personal Data delivered to you in a standard electronic format; • To object to our processing of your Personal Data, and to prevent solely automated decision making or profiling; and • To restrict our processing of your Personal Data, or have your Personal Data deleted. 3.1 Exercising Your Rights If you wish to exercise your rights with respect to your Personal Data, you can email your request to privacy@bynder.com or send postal mail to: Bynder BV Max Euweplein 46 1017 MB Amsterdam The Netherlands Attn: Bynder Legal Team - Privacy or BynderLLC 321 Summer Street Suite 100 Global Privacy Policy Public Page 4 of 5 GPP.0011.6 Updated: 24 June 2021 Boston, MA 02210 Attn: Bynder Legal Team - Privacy. We will generally respond to your requestwithin 30 days. If you wish to unsubscribe from an email list, please clickthe "unsubscribe" link found at the bottom of our emails. If you work for one of Bynder's customers, the best course is to ask the customer to delete your Personal Data. If you want to raise a complaint about the waywe process your Personal Data or the way we have handled a request, please contact us. You may file a complaint with the data protection authority of any country where you live or work orwhere Bynder operates. Product Users can withdraw consent by adjusting their User profile settings in the Products. Please note Please note that the collection, processing, use, sharing, storage, and transfer of your Personal Data maybe necessary for you to make use of our services and that Bynder customers and Users cannot unsubscribe from important Useremails. 4. California Consumer Privacy Act (CCPA) Supplement The CCPA is effective January 1, 2020. If you are a resident of California, this supplement to the Global Privacy Policy sets out additional rights and information for you. Many obligations underthe CCPA are addressed in other provisions of the Global Privacy Policy. This Supplement is meant to fill in the gaps for California residents and the terms used in this Supplement are either defined in the Global Privacy Policy or in the text of the CCPA. CCPA Consumer Rights • The right to access, and to know both the categories of personal information and the specific personal information we collect; • The rightto have your personal information deleted, subject to some legal limitations; • The right to request disclosure of the personal information collected; and • The right to disclosure of information disclosed forvaluable consideration. Submitting Requests under CCPA California residents may submit requests for information under the CCPA to Bynder by email to privacy@bynder.com or by calling our U.S.-based toll -free telephone number: 1 (877) 460-2314. Please be as specific as possible when you exercise your rights under CCPA and submit a request regardingyour personal information. Under the CCPA, we are obligated to verify your identify before we process your request. No Discrimination Bynder will not discriminate against you in pricing, user experience, or any other way for exercising any of your rights under the CCPA. This Global Privacy Policy was last updated and reviewed on 24 June 2021. Global Privacy Policy Public Page 5 of 5 GPP.0011.6 Updated: 24 June 2021 EXHIBIT H DATA PROCESSING ADDENDUM Bynder Data Processing Addendum This Data Processing Addendum, including its Schedules, ("DPA') supplements and forms an integral part of the agreement as governed by the Bynder standard terms of service , attached as Exhibit B to the Agreement, ("Terms") or any other agreement between Customer and the applicable Bynder contracting entity ("Bynder") governing the use and access of the Product ("Agreement"). This DPA reflects the parties' agreement with regard to the Processing of Personal Data by Bynder on behalf of the Customer in connection with the Product. Unless otherwise defined in this DPA or the Agreement, all capitalized terms used in this DPA will have the meanings given to them in Section 1 of this DPA. Definitions. "CCPA" means the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and its implementing regulations. "Controller" means the entity which determines the purposes and means ofthe Processing of Personal Data. "Customer" means the legal entity that is a party to the Agreement with Bynder. "Data Protection Legislation" means all laws and regulations applicable to the Processing of Personal Data under the Agreement. "Data Subject" means the identified or identifiable person to whom Personal Data relates. "EEA" means the European Economic Area. "GDPR" means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). "Personal Data" means any information relating to an identified or identifiable natural person where such data is Processed by Bynder on behalf of Customer. "Processing" (and all verb tenses) means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; "Processor" means the entity which Processes Personal Data on behalf of the Controller, including as applicable any "service provider" as that term is defined by the CCPA. "Sub -Processor" means a Processor engaged by Bynder. "Standard Contractual Clauses" means Schedule 4 attached to and forming part ofthis DPA pursuant to the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council. "Supervisory Authority'meansan independent public authority which is established by an EU member state pursuant to the GDPR. 2. Processing of Personal Data. 2.1 Scope. Roles and Details of the Processing. This DPA, including any Schedules, applies when Personal Data is processed by Bynder pursuant to the Agreement. Regarding the Processing of Personal Data, Customer is the Controller, Bynder is the Processor and Bynder will engage Sub -Processors pursuant to the requirements set forth in Section 6 below. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 to this DPA. 2.2 Customer's Processing of Personal Data. Customer shall, in its use of the Product, Process Personal Data in accordance with the requirements of Data Protection Legislation, including any applicable requirement to provide notice to Data Subjects of the use of Bynder as Processor. For the avoidance of doubt, Customer's instructions for the Processing of Personal Data shall comply with Data Protection Legislation. Customer shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Customer acquired Personal Data. Customer specifically acknowledges that its use ofthe Product will not violate the rights of any Data Subject that has opted -out from sales or other disclosures of Personal Data, to the extent applicable under the CCPA. 2.3 Bynder Processing of Personal Data. Bynder shall treat Personal Data as Confidential Information and shall Process Personal Data on behalf of and only in accordance with Customer's documented instructions for the following purposes: (i) Processing in accordance with the Agreement and applicable Order Form(s); and (ii) Processing initiated by Users in their use of the Product. 3. Instructions. 3.1 Customer Affiliates. Customer represents that it is authorised to give data processing instructions to Bynder and to otherwise act on behalf of any Customer Affiliates under this DPA. 3.2 Documented Instructions. This DPA and the Agreement are Customer's complete and final documented instructions at the time of signature ofthe Agreement with Bynderfor the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately and in writing. 3.3 Exception. If Bynder is required by law to conduct additional processing, it shall inform Customer of that legal requirement before Processing, unless such notification is prohibited by law. 3.4 Instructions likely to violate Data Protection Legislation. If, in Bynder's opinion, Customer's instructions are either likely to violate Data Protection Legislation, Bynder is entitled to refuse to follow such instructions and shall inform Customer ofthe reasons for its refusal. In such cases, Customer shall provide alternative instructions in a timely manner and Bynder may cease all Processing of the impacted Personal Data (other than secure storage thereof) until it receives acceptable instructions. 4. Bynder Personnel. 4.1 Confidentiality Obligations. Bynder ensures that its personnel engaged in the Processing of Personal Data are informed of the confidential nature of the Personal Data, and have executed written confidentiality agreements. Data Processing Addendum Version: v.2 Kent Page 1 of 18 Bynder Issued: 22, October 2021 4.2 Limited Access. Bynder ensures that Bynder's access to Personal Data is limited to those personnel performing services in accordance with the Agreement. 4.3 Data Protection Officer. Bynder has appointed a data protection officer ("DPO"). The appointed DPO may be reached at privacy@bvnder.com. S. Security of Processing. 5.1 Measures. Bynder has implemented and shall maintain appropriate technical and organisational measures to protect Personal Data against accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure, and access ("Security Measures"), as described in Schedule 3 of this DPA, including as appropriate: a. the pseudonymisation and encryption of Personal Data; b. the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems; c. subject to the Service Level Agreement, the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and d. the regular testing, assessment, and evaluation of the effectiveness of the Security Measures. 5.2 Customer has made an independent determination as to whether these Security Measures meet the Customer's requirements. 5.3 Third Party Certifications. Bynder has obtained third party certifications as set forth in Schedule 3 of this DPA. Upon Customer's written request, but not more than once per year, and subject to the confidentiality obligations set forth in the Agreement, Bynder shall make available to Customer a copy of Bynder's then most recent third -party certification and audit report, as applicable. 6. Sub -Processors. 6.1 General Authorization. Customer agrees that Bynder may use Sub -Processors to fulfil its contractual obligations under this DPA or to provide certain services on its behalf. 6.2 Sub -Processor Obligations. Bynder will enter into a written agreement with the Sub -Processor and, to the extent that the Sub - Processor is performing the same Processing activities that are being provided by Bynder, Bynder will impose on Sub -Processors data protection obligations not less protective than those in this DPA. 6.3 Sub -Processor List. Bynder currently uses the Sub -Processors listed in Schedule 2tothis DPA. A list of Sub -Processors is also available on Bynder's website at www.bynder.com/sub-processors/ ("Sub -Processors Page"). Bynder will update the Sub -Processors Page with any new Sub -Processor and notify Customer at least 7 calendar days before such Sub -Processors will begin to Process Personal Data. 6.4 Objection Right. Customer may object to the use of a new Sub -Processor on a reasonable and legitimate basis. In the event Customer objects to a new Sub -Processor, Customer shall provide written notice to rp ivacy@bynder.com within the 7 calendar day notice period set out in Section 6.3 outlining Customer's specific concerns about the new Sub -Processor in order to give Bynder the opportunity to address such concerns. Bynder may, at its sole discretion, (i) not appoint the Sub -Processor and/or propose an alternate Sub -Processor; (ii) take the steps to address the Customer's specific concerns and obtain Customer's written consent to use the Sub -Processor; or (iii) make available to Customer the Bynder Product(s) without the particular aspect that would involve use of the objected -to Sub -processor. If Bynder is unable or determines in its reasonable judgement, that it is commercially unreasonable to do any of the options in Section 6.4 (i)-(iii), Customer may terminate the Agreement in accordance with section 19.3 of the Terms. 6.5 Liaby. Bynder will remain responsible for the performance of a Sub -Processor to the same extent Bynder would be responsible if performing the services of each Sub -Processor directly under the terms of this DPA. Rights of Data Subject. Bynder will, to the extent legally permitted, notify Customer without undue delay if Bynder receives a request from a Data Subject to exercise the Data Subject's rights set forth in Data Protection Legislation, especially Chapter III of GDPR ("Data Subject Request"). Taking into account the nature of the Processing, Bynder will assist Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of Customer's obligation to respond to Data Subject Requests under Data Protection Legislation. To the extent Customer is unable to address a Data Subject Request, Bynder will upon Customer's request provide commercially reasonable efforts to assist Customer in responding to such Data Subject Request. To the extent legally permitted, Customer will be responsible for any costs arising from Bynder's provision of such assistance. 8. Assistance. Taking into account the nature of Processing and the information available to Bynder, Bynder will provide reasonable assistance and cooperation to Customer in respect of its relevant obligations under Articles 32 to 36 GDPR. To the extent legally permitted, Customer will be responsible for any costs arising from Bynder's provision of such assistance. 9. Personal Data Breach Notification. Bynder will notify Customer without undue delay, but always within 48 hours, after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed by Bynder or its Sub -Processors of which Bynder becomes aware ("Personal Data Breach"). Notification of Personal Data Breaches, if any, will be delivered by email atthe email address specified for notices in the applicable Order Form, if no email address is specified, to one or more of Customer's Product administrators. Bynder's obligation to notify Customer of a Personal Data Breach is not an acknowledgement by Bynder of any fault or liability with regard to the Personal Data Breach. The obligations under this Section 9 do not apply to incidents that are caused by Customer or its Users. Data Processing Addendum Version: v.2 Kent Page 2 of 18 Bynder Issued: 22, October 2021 10. Return and Deletion of Personal Data. 10.1 Upon Customer's request to orivacy(@bynder.com Bynder will return or delete Personal Data in accordance with the timeframes specified in the Agreement, unless European Union law or the laws of a EU member state requires that Bynder retains the Personal Data. Bynder may delete Personal Data six months after termination or expiration of the Agreement. Bynder shall dispose Personal Data in accordance with the latest method(s) of data sanitizing, as detailed in NIST 800-88 ("Guidelines for Media Sanitization"). 10.2 Notwithstanding anything to the contrary in this DPA, Bynder may retain Personal Data if and for as long as required by law. 10.3 Personal Data stored in Bynder's auto -backup or archival systems will be deleted automatically after 180 days after back-up, or otherwise as soon as technically possible. 10.4 If Customer provides Personal Data on a hard drive or other forms of removable media, such removable media must be encrypted or password protected. In collaboration with Customer, Bynder shall either return the removable media to Customer, or securely destroy such removable media by using a certified third party. A certificate of destruction can be made available to Customer upon request. 11. Customer Audits. 11.1 Summary Report of Internal Audit. In addition to Section 5.3, Bynder will on a regular basis audit the security of the systems that it uses to Process Personal Data. Upon Customer's written requests, Bynder will make available to Customer a summary of the results of this audit ("Summary Report") to demonstrate compliance with the obligations under this DPA. 11.2 Customer Audit. If Customer substantiates that the Summary Report cannot satisfactorily demonstrate Bynder's compliance and that it has a justifiable suspicion that Bynder is in breach of this DPA, Customer may conduct an audit on Bynder's premises, not more than once per year, and subject to the confidentiality obligations set forth in the Agreement and following conditions: a. Customer must provide at least 30 days' prior written notice to privacy@bynder.com. Such notice must indicate the reasons for the audit request, and will be effective upon Bynder's confirmation of receipt; b. Audits will be conducted within a mutually agreed scope, duration, and timing; performed by Customer, or a third party that is pre - approved by Bynder, such approval not to be unreasonably withheld; and conducted within Bynder's normal business hours and with best efforts taken to avoid disruption of Bynder's business operations; 11.3 Cost. The cost of an audit on Bynder's premises will be borne by Customer, unless a Material Breach (as defined in the Agreement) of this DPA is found, in which case Bynder will bear the costs. 11.4 Nothing in this Section 11 varies or modifies the Standard Contractual Clauses nor affects any Supervisory Authority's or Data Subject's rights under the Standard Contractual Clauses. 12. Transfers of Personal Data to Third Countries. 12.1 Regions. Customer may specify the location where Customer Data, including Personal Data, will be Processed in the Agreement ("Region"). Except as necessary to provide the Product and services initiated by Customer, or as necessary to comply with the law, Bynder will not transfer Personal Data from Customer's selected Region. A transfer to a third country shall take place only if the conditions of Chapter V. GDPR are complied with. 12.2 Application of Standard Contractual Clauses. Bynder will enter into Standard Contractual Clauses with each affiliate and/or Sub - Processor where the Processing of Personal Data is transferred outside the EEA, either directly or via onward transfer, to any third country not recognized by the European Commission as providing an adequate level of protection for Personal Data. Customer hereby authorises Bynder to enter into Standard Contractual Clauses (also) on its behalf and commissions Bynder to enforce them against the relevant Sub -Processor on the Customer's behalf where appropriate. The Standard Contractual Clauses will not apply to Personal Data that is not transferred, either directly or via onward transfer, outside the EEA. 12.3 Order of precedence. If the Standard Contractual Clauses apply, nothing in this Section 12 varies or modifies the Standard Contractual Clauses. 13. Limitation of liability. Each partys liability, taken together in the aggregate, arising out of or related to this DPA, whether in contract, tort or under any other theory of liability, is subject to the 'Limitation of Liability' section of the Agreement, and any reference in such section to the liability of a party means the aggregate liability of that party and all of its Affiliates under the Agreement and all DPAs together. 14. Entire Agreement, Hierarchy. Except as amended bythis DPA, the Agreementwill remain in full force and effect. If there is a conflict between any other agreement between the parties including the Agreement and this DPA, the terms of this DPA will take precedence to the extent of such conflict. 15. Term and termination. This DPA shall enter into force at the same time as the Agreement and shall automatically terminate upon any termination or expiration of the Agreement. 16. List of Schedules. Schedule 1: Details of the Processing of Personal Data Schedule 2: List of Sub -Processors and Bynder Entities Schedule 3: Security Measures Schedule 4: Standard Contractual Clauses Data Processing Addendum Version: v.2 Kent Page 3 of 18 Bynder Issued: 22, October 2021 Schedule 1: Details of the Processing of Personal Data Nature and Purpose of Processing Bynder will Process Personal Data as necessary to provide the Product pursuant to the Agreement and as further instructed by Customer in its use of the Product. Duration of Processing Subject to Section 10 of this DPA, Bynder will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing. Categories of Data Subjects Customer may store Personal Data in the Product, the extent of which is determined and controlled by Customer in its sole discretion. The sole Personal Data required for the use of the Product relates to the following categories of Data Subjects: • Employees of Customer • Customer's Users Types of Personal Data Customer may store Personal Data in the Product, the extent of which is determined and controlled by Customer in its sole discretion. The sole categories of Personal Data required for the use of the Product are: • First and last name • Email address Special categories of data Customer may not store special categories of data in the Product(s). The Product is not intended for Customer to store sensitive categories of data, which is for the sake of clarity Personal Data with information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade -union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, or personal data relating to criminal convictions and offences. Data Processing Addendum Version: v.2 Kent Page 4 of 18 Bynder Issued: 22, October 2021 Schedule 2: Sub -Processors and Bynder Entities Infrastructure provider Bynder engages the following Sub-Processor(s) to host and store Customer Data. Entity name I Sub -Processor activity Entity country Amazon Web Services EMEA SARL Cloud Service Provider Luxembourg Google Ireland, Inc. Cloud Service Provider (for Video Brand Studio only) Ireland Other Sub -Processors Bynder works with certain third parties, as listed below, to provide specific functionalities within the Product(s). In order to provide the relevant functionality these Sub -Processors access Customer Data. Their use is limited to the indicated activities: Entity name Sub -Processor activity Entity country Pricon BV Pricon is a call centre that assists Bynder with the provision of phone support outside office hours. Netherlands Zendesk Inc. Zendesk provides a cloud -based system for tracking and solving customer support tickets. United States Drift.com Inc. Drift allows direct communication with the Customer within the Product(s). United States Appcues, Inc. Appcues enables Bynder to provide in-app notifications. United States Bynder also engages the following Sub -Processors to support the Video Brand Studio module: Entity name Sub -Processor activity Entity country Google Ireland, Inc. Google also provides a performance and diagnostics Ireland tool to monitor and measure the health of Google resources and applications. FileStack, Inc. FileStack supports the upload of Customer Data in the United States Video Brand Studio module. Bynder entities The following entities are part of the corporate structure of Bynder. Depending on the geographic location of the Customer, Bynder may also engage one or more of the following entities as Sub -Processors. Entity name Entity type Entity country Bynder B.V. Parent company Netherlands Bynder LLC Subsidiary United States Bynder Ltd. Subsidiary United Kingdom Bynder Software FZ-LLC Subsidiary Dubai Bynder Software SL Subsidiary Spain Content Deliver Networks ("CDN") Bynder may use CDN to assist with the delivery of the Product(s). CDNs do not have access to Customer Data itself, but are systems commonly used to provide fast delivery of content based on the geographic location of the individual accessing the content and the origin of the content provider: CDN Provider I CDN Location Amazon Web Services EMEA SARL I Global Data Processing Addendum Version: v.2 Kent Page 5 of 18 Bynder Issued: 22, October 2021 Schedule 3: Security Measures Bynder will implement and maintain the following Security Measure to adequately protect Customer's Personal Data. Customer understands and agrees that these Security Measures are subject to technical progress and development and Bynder is therefore expressly allowed to implement adequate alternative measures as long as the general security level described in this Schedule 3 is maintained: 1. Technical measures 1.1. Access control. Bynder shall prevent unauthorized access to data processing systems. Personnel shall only have access to Customer data when it's necessary for them to perform theirjob. Customer data shall not be read, copied, modified or deleted without authorization. 1.2. Entry control. Bynder shall prevent that data processing systems can be accessed by unauthorized parties. 1.3. Logging control. Bynder shall ensure that all events in the data processing systems can subsequently be checked. 1.4. Transmission control. Bynder shall ensure that Personal Data cannot be read, copied, altered or removed without authorization during electronic transmission. 1.5. Data at rest. Bynder shall ensure the appropriate encryption of data at rest. 1.6. Separation control. Bynder shall ensure that data collected for various purposes are processed separately. 1.7. Reliability control. Bynder shall ensure that all functions of the data processing system are available and occurring malfunctions are notified. 1.8. Integrity control. Bynder shall ensure that stored Personal Data cannot get damaged by malfunctions of the system or that damaged data can be replaced by the original and correct data. 1.9. Availability control. Bynder shall ensure that Personal Data is protected against unintentional destruction or loss and therefore available for the Customer. 2. Organisational measures 2.1 Admission Control. Bynder shall prevent unauthorized persons from gaining access to Bynder premises. 2.2 Securi y and awareness training. Bynder shall maintain a security awareness program that includes the appropriate training of personnel on Bynder's security policies. 2.3 Personnel screening. Criminal background checks shall be performed for all employees before hiring. Additionally, Bynderwill ensure that all employees have executed written confidentiality agreements. 2.4 Information security management process . Bynder shall maintain an ISO 27001:2013 certified information security management system. 2.5 Business continuity management rop cess. Bynder shall maintain a business continuity management system that defines the processes and procedures in the event of a disaster, including the testing and reviewing of the disaster recovery plans. 2.6 Regular evaluation of Security Measures. Bynder shall ensure a process for regular testing, assessing and evaluating the effectiveness of technical and organizational measures to ensure a level of security appropriate to the risk of processing. 3. Third Party Certifications Bynder currently holds and maintains the following certifications: • ISO 27001:2013 • ISO 27018:2019 • ISO 22301:2019 Data Processing Addendum Version: v.2 Kent Page 6 of 18 Bynder Issued: 22, October 2021 Schedule 4: Standard Contractual Clauses European Commission Implementing Decision (EU) 2021/914 Standard Contractual Clauses (Controller -to -Processor Transfers) SECTION I Clause 1 Purpose and scope (a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)1 for the transfer of personal data to a third country. (b) The Parties: (i) the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter'entity/ies') transferring the personal data, as listed in Annex LA (hereinafter each 'data exporter'), and (ii) the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex LA (hereinafter each 'data importer') have agreed to these standard contractual clauses (hereinafter: 'Clauses'). (c) These Clauses apply with respect to the transfer of personal data as specified in Annex I.B. (d) The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses. Clause 2 Effect and invariability of the Clauses (a) These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1) and Article 46(2)(c) of Regulation (EU) 2016/679 and, with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7) of Regulation (EU) 2016/679, provided they are not modified, except to select the appropriate Module(s) or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly, these Clauses or prejudice the fundamental rights or freedoms of data subjects. (b) These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU) 2016/679. Clause 3 Third -party beneficiaries (a) Data subjects may invoke and enforce these Clauses, as third -party beneficiaries, against the data exporter and/or data importer, with the following exceptions: (i) Clause 1, Clause 2, Clause 3, Clause 6, Clause 7; (ii) Clause 8 - Clause 8.1.(b), 8.9.(a), (c), (d) and (e); (iii) Clause 9 - Clause 9(a), (c), (d) and (e); Where the data exporter is a processor subject to Regulation (EU) 2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor (sub -processing) not subject to Regulation (EU) 2016/679 also ensures compliance with Article 29(4) of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39), to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3) of Regulation (EU) 2018/1725 are aligned. This will in particular be the case where the controller and processor rely on the Standard Contractual Clauses included in Decision 2021/915. Data Processing Addendum Version: v.2 Kent Page 7 of 18 Bynder Issued: 22, October 2021 (iv) Clause 12 - Clause 12(a), (d) and (f); (v) Clause 13; (vi) Clause 15. L(c), (d) and (e); (vii) Clause 16(e); (viii) Clause 18 - Clause 18(a) and (b); (b) Paragraph (a) is without prejudice to rights of data subjects under Regulation (EU) 2016/679. Clause 4 Interpretation (a) Where these Clauses use terms that are defined in Regulation (EU) 2016/679, those terms shall have the same meaning as in that Regulation. (b) These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU) 2016/679. (c) These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU) 2016/679. Clause 5 Hierarchy In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail. Clause 6 Description of the transfer(s) The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s) for which they are transferred, are specified in Annex I.B. Clause 7 - Optional Not used SECTION H - OBLIGATIONS OF THE PARTIES Clause 8 Data protection safeguards The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures, to satisfy its obligations under these Clauses. 8.1. Instructions (a) The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract. (b) The data importer shall immediately inform the data exporter if it is unable to follow those instructions. 8.2. Purpose limitation The data importer shall process the personal data only for the specific purpose(s) of the transfer, as set out in Annex I.B, unless on further instructions from the data exporter. 8.3. Transparency On request, the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge. To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the its content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions, to the extent possible without revealing the redacted information. This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU) 2016/679. Data Processing Addendum Version: v.2 Kent Page 8 of 18 Bynder Issued: 22, October 2021 8.4. Accuracy If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data. 8.5. Duration of processing and erasure or return of data Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e) to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a). 8.6. Security of processing (a) The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter 'personal data breach'). In assessing the appropriate level of security, the Parties shall take due account of the state of the art, the costs of implementation, the nature, scope, context and purpose(s) of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonymisation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonymisation, the additional information for attributing the personal data to a specific data subject shall, where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. (b) The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. (c) In the event of a personal data breach concerning personal data processed by the data importer under these Clauses, the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects. The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay. (d) The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU) 2016/679, in particular to notify the competent supervisory authority and the affected data subjects, taking into account the nature of processing and the information available to the data importer. 8.7. Sensitive data Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person's sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter 'sensitive data'), the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B. 8.8. Onward transfers The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition, the data may only be disclosed to a third party located outside the European Union (in the same country as the data importer or in The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. Data Processing Addendum Version: v.2 Kent Page 9 of 18 Bynder Issued: 22, October 2021 another third country, hereinafter 'onward transfer') if the third parry is or agrees to be bound by these Clauses, under the appropriate Module, or if- (i) the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU) 2016/679 that covers the onward transfer; (ii) the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of (EU) 2016/679 with respect to the processing in question; (iii) the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or (iv) the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person. Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation. 8.9. Documentation and compliance (a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses. (b) The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter. (c) The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter's request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non- compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer. (d) The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice. (e) The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request. Clause 9 Use of sub -processors (a) The data importer has the data exporter's general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub -processors at least 7 days in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. (b) Where the data importer engages a sub -processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third -party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under 8.8. The data importer shall ensure that the sub -processor complies with the obligations to which the data importer is subject pursuant to these Clauses. (c) The data importer shall provide, at the data exporter's request, a copy of such a sub -processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy. (d) The data importer shall remain fully responsible to the data exporter for the performance of the sub -processor's obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub -processor to fulfil its obligations under that contract. (e) The data importer shall agree a third -party beneficiary clause with the sub -processor whereby - in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall s This requirement may be satisfied by the sub -processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. Data Processing Addendum Version: v.2 Kent Page 10 of 18 Bynder Issued: 22, October 2021 have the right to terminate the sub -processor contract and to instruct the sub -processor to erase or return the personal data. Clause 10 Data subject rights (a) The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter. (b) The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects' requests for the exercise of their rights under Regulation (EU) 2016/679. In this regard, the Parties shall set out in Annex II the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required. (c) In fulfilling its obligations under paragraphs (a) and (b), the data importer shall comply with the instructions from the data exporter. Clause I Redress (a) The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject. (b) In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses, that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and, where appropriate, cooperate in resolving them. (c) Where the data subject invokes a third -party beneficiary right pursuant to Clause 3, the data importer shall accept the decision of the data subject to: (i) lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work, or the competent supervisory authority pursuant to Clause 13; (ii) refer the dispute to the competent courts within the meaning of Clause 18. (d) The Parties accept that the data subject may be represented by a not -for -profit body, organisation or association under the conditions set out in Article 80(1) of Regulation (EU) 2016/679. (e) The data importer shall abide by a decision that is binding under the applicable EU or Member State law. (f) The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws. Clause 12 Liability (a) Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses. (b) The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non -material damages the data importer or its sub -processor causes the data subject by breaching the third -party beneficiary rights under these Clauses. (c) Notwithstanding paragraph (b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non -material damages the data exporter or the data importer (or its sub -processor) causes the data subject by breaching the third -party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and, where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU) 2016/679 or Regulation (EU) 2018/1725, as applicable. (d) The Parties agree that if the data exporter is held liable under paragraph (c) for damages caused by the data importer (or its sub -processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer's responsibility for the damage. (e) Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties. (f) The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage. Data Processing Addendum Version: v.2 Kent Page 11 of 18 Bynder Issued: 22, October 2021 (g) The data importer may not invoke the conduct of a sub -processor to avoid its own liability. Clause 13 Supervision (a) Where the data exporter is established in an EU Member State: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex I.C, shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of Regulation (EU) 2016/679: The supervisory authority of the Member State in which the representative within the meaning of Article 27(1) of Regulation (EU) 2016/679 is established, as indicated in Annex LC, shall act as competent supervisory authority. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU) 2016/679 in accordance with its Article 3(2) without however having to appoint a representative pursuant to Article 27(2) of Regulation (EU) 2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority. (b) The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken. SECTION III - LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES Clause 14 Local laws and practices affecting compliance with the Clauses (a) The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1) of Regulation (EU) 2016/679, are not in contradiction with these Clauses. (b) The Parties declare that in providing the warranty in paragraph (a), they have taken due account in particular of the following elements: (i) the specific circumstances of the transfer, including the length of the processing chain, the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient; the purpose of processing; the categories and format of the transferred personal data; the economic sector in which the transfer occurs; the storage location of the data transferred; (ii) the laws and practices of the third country of destination- including those requiring the disclosure of data to public authorities or authorising access by such authorities - relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards4, (iii) any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination. (c) The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses. As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative timeframe. This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular, the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. Data Processing Addendum Version: v.2 Kent Page 12 of 18 Bynder Issued: 22, October 2021 (d) The Parties agree to document the assessment under paragraph (b) and make it available to the competent supervisory authority on request. (e) The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request) indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). (1) Following a notification pursuant to paragraph (e), or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses, the data exporter shall promptly identify appropriate measures (e.g. technical or organisational measures to ensure security and confidentiality) to be adopted by the data exporter and/or data importer to address the situation. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the competent supervisory authority to do so. In this case, the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d) and (c) shall apply. Clause 15 Obligations of the data importer in case of access by public authorities 15.1. Notification (a) The data importer agrees to notify the data exporter and, where possible, the data subject promptly (if necessary with the help of the data exporter) if it: (i) receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested, the requesting authority, the legal basis for the request and the response provided; or (ii) becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination; such notification shall include all information available to the importer. (b) If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition, with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter. (c) Where permissible under the laws of the country of destination, the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests, type of data requested, requesting authority/ies, whether requests have been challenged and the outcome of such challenges, etc.). (d) The data importer agrees to preserve the information pursuant to paragraphs (a) to (c) for the duration of the contract and make it available to the competent supervisory authority on request. (e) Paragraphs (a) to (c) are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses. 15.2. Review of legality and data minimisation (a) The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity. The data importer shall, under the same conditions, pursue possibilities of appeal. When challenging a request, the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e). (b) The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request. (c) The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request. Data Processing Addendum Version: v.2 Kent Page 13 of 18 Bynder Issued: 22, October 2021 SECTION IV - FINAL PROVISIONS Clause 16 Non-compliance with the Clauses and termination (a) The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses, for whatever reason. (b) In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f). (c) The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses, where: (i) the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b) and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension; (ii) the data importer is in substantial or persistent breach of these Clauses; or (iii) the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses. In these cases, it shall inform the competent supervisory authority of such non-compliance. Where the contract involves more than two Parties, the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. (d) Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety. The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law. (e) Either Party may revoke its agreement to be bound by these Clauses where (i) the European Commission adopts a decision pursuant to Article 45(3) of Regulation (EU) 2016/679 that covers the transfer of personal data to which these Clauses apply; or (ii) Regulation (EU) 2016/679 becomes part of the legal framework of the country to which the personal data is transferred. This is without prejudice to other obligations applying to the processing in question under Regulation (EU) 2016/679. Clause 17 Governing law These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third -parry beneficiary rights. The Parties agree that this shall be the same governing law stated in the Agreement, as long as it is the law of one of the EU Member States allowing for third -parry beneficiary rights, otherwise, the governing law will be the law of the Netherlands. Clause 18 Choice of forum and jurisdiction (a) Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State. (b) The Parties agree that those shall be the courts of the EU Member State stated in Clause 17. (c) A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence. (d) The Parties agree to submit themselves to the jurisdiction of such courts. Data Processing Addendum Version: v.2 Kent Page 14 of 18 Bynder Issued: 22, October 2021 APPENDIX ANNEX I A. LIST OF PARTIES Data exporter(s): Name: The entity identified as Customer in the DPA. Address: The address specified in the DPA or in the Agreement. Contact person's name, position and contact details: The contact details specified in the DPA or in the Agreement. Activities relevant to the data transferred under these Clauses: Use of the Bynder Product(s). Signature and date: By entering into the Agreement, data exporter is deemed to have signed these Standard Contractual Clauses, including their Annexes, as of the Effective Date of the Agreement. Role (controller/processor): Controller Data emporter(s): Name: Bynder LLC Address: 321 Summer Street, Boston MA 02210, USA. Contact person's name, position and contact details: The contact details specified in the DPA or in the Agreement. Activities relevant to the data transferred under these Clauses: Provision of the Bynder Product(s). Signature and date: By entering into the Agreement, data importer is deemed to have signed these Standard Contractual Clauses, including their Annexes, as of the Effective Date of the Agreement. Role (controller/processor): Processor B. DESCRIPTION OF TRANSFER Categories of data subjects whose personal data is transferred Customer may store Personal Data in the Product, the extent of which is determined and controlled by Customer in its sole discretion. The sole Personal Data required for the use of the Product relates to the following categories of Data Subjects: • Employees of Customer • Customer's Users Categories of personal data transferred Customer may store Personal Data in the Product, the extent of which is determined and controlled by Customer in its sole discretion. The sole categories of Personal Data required for the use of the Product are: • First and last name • Email address Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. Customer may not store sensitive data in the Product(s). The Product is not intended for Customer to store sensitive categories of data, which is for the sake of clarity Personal Data with information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade -union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, or personal data relating to criminal convictions and offences. The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis). The frequency of the transfer is a continuous basis for the duration of the Agreement, unless otherwise agreed upon in writing. Nature of the processing Bynder will Process Personal Data as necessary to provide the Product pursuant to the Agreement and as further instructed by Customer in its use of the Product. Purpose(s) of the data transfer and further processing Data Processing Addendum Version: v.2 Kent Page 15 of 18 Bynder Issued: 22, October 2021 Bynder will Process Personal Data as necessary to provide the Product pursuant to the Agreement and as farther instructed by Customer in its use of the Product. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period Bynder may delete Personal Data six months after termination or expiration of the Agreement, unless European Union law or the laws of an EU member state requires that Bynder retains the Personal Data for a longer period. Personal Data stored in Bynder's auto - backup or archival systems will be deleted automatically after 180 days after back-up, or otherwise as soon as technically possible. For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing Specified on Bynder's website at www.bynder.com/sub-processors/ ("Sub -Processors Page"). Sub -Processors will Process Personal Data for the duration of the Agreement, unless otherwise agreed upon in writing. C. COMPETENT SUPERVISORY AUTHORITY Identify the competent supervisory authority/ies in accordance with Clause 13 The data exporter's competent supervisory authority will be determined in accordance with the GDPR. Data Processing Addendum Version: v.2 Kent Page 16 of 18 Bynder Issued: 22, October 2021 ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons Data importer will implement and maintain the technical and organizational measures to adequately protect the data exporter's Personal Data as further described in the DPA. Data exporter understands and agrees that these technical and organizational measures are subject to technical progress and development and Bynder is therefore expressly allowed to implement adequate alternative measures as long as the general security level described in the DPA is maintained. For transfers to (sub) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub -processor, to the data exporter. Bynder selects its sub -processors very carefully, all of which undergo stringent security assessments and intakes. Bynder has imposed on them data protection obligations that correspond to the data protection provisions in the contractual relationship between Customer and Bynder. Taking into account the state of the art, costs of implementation, and nature of the processing, our sub -processors shall maintain appropriate technical and organisational measures to protect Personal Data against accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure, and access ("Security Measures"), including, as appropriate: (a) the pseudonymisation and encryption of Personal Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) the regular maintenance, testing, assessment, evaluation, and updating of the effectiveness of the Security Measures. Data Processing Addendum Version: v.2 Kent Page 17 of 18 Bynder Issued: 22, October 2021 ANNEX III ADDITIONAL CLAUSES For the avoidance of doubt, the limitations of liability section of the Agreement is an additional clause pursuant to Clause 2 of these Clauses. Data Processing Addendum Version: v.2 Kent Page 18 of 18 Bynder Issued: 22, October 2021