The URL can be used to link to this page

Home My WebLink AboutCAG2019-330 - Extension - Extension - PowerDMS - Software Subscription - 7/22/24 FOR CITY OF KENT OFFICIAL USE ONLY Sup/Mgr: Agreement Routing Form DirAsst: • For Approvals,Signatures and Records Management Dir/Dep: KENT This form combines&replaces the Request for Mayor's Signature and Contract Cover (optional) WASHINGTON Sheet forms. (Print on pink or cherry colored paper) Originator: Department: Ikhra Mohamed IT Date Sent: Date Required: > 07/31/2024 08/14/2024 Q Mayor or Designee to Sign. Date of Council Approval: Q Interlocal Agreement Uploaded to Website N/A Budget Account Number• Grant? Yes No�✓ 52001770.64260.1800 Budget?❑✓ Yes Type: N/A Vendor Name: Category: PowerDMS Contract Vendor Number: Ir Sub-Category: 1078155 Original 0 Project Name: PowerDMS CProject Details: Annual renewal of PowerDMS software subscription, at a cost of $20,110.27, including any applicable Washington State Use Tax, under Mayor's signature authority. This renewal is under a new NeoGov contract. C Basis for Selection of Contractor: � Agreement Amount: $20,110.27 Direct Negotiation *Memo to Mayor must be attached .1111 i Start Date: 02/2024 Termination Date: 07/21/2025 Im a Local Business? Yes ✓�No*If meets requirements per KCC 3.70.100,please complete"Vendor Purchase-Local Exceptions"form on Cityspace. Business License Verification: ❑Yes In-Process F1 Exempt(KCC 5.01.045) F71Authorized Signer Verified Notice required prior to disclosure? Contract Number: Yes ✓❑No CAG2019-330 Comments: <<Signature on attached quote pg. 3/37 and contract pg. 13/37>> 0 IM Dana Ralph, Mayor � c 0 Date: <<Date on attached quote pg. 3/37 and contract pg. 13/37>> 3 � N Note: Quote reflects renewal start date - confirmed by vendor Date Received:City Attorney: 7/31/24 Date Routed:Mayor's Office 8/6/24 ty Clerk's Office 8/6/24 adccW22373_1_2 �� Documents.KentWA.gov to obtain copies of all agreements rev.20221201 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF P(bwerDMS 2120 Park PIS. Suite 100 IsyNEOGOV GI Segundo, CA 90245 NEOGOV Order Details Account Number: A-116 Order#: Q-254376 Customer: Kent Police Department(WA) Valid Until: 7/22/2024 Employee Count: 225 Sales Rep: Salesforce Administrator Customer Contact Billing Contact: Kent Police Department(WA) Shipping Contact: Kent Police Department(WA) AP Invoices-Kent WA IT Admin-City of Kent Billing Address: 220 Fourth Ave S Shipping Address: 220 Fourth Ave S Kent,WA 98032 Kent,WA 98032 Billing Contact Email: apinvoices@kentwa.gov Shipping Contact Email: ita@kentwa.gov Billing Phone: (253)856-5853 Shipping Phone: (253)856-5834 Payment Terms Payment Term: Net 60 Notes: Policy 225-249 user tier PO Number: Subscription Service July 2024 Item Type Start Date End Date Qty Total(USD) PowerPolicy Professional Subscription Recurring 7/22/2024 1 7/21/2025 249 $11,385.65 A policy and compliance management platform that lets you create,edit,organize,and distribute content from a secure,cloud-based site.Included are key features such as automatic workflows,signature capture and tracking,side-by-side comparison,Public-Facing Documents,PowerDMS University,and Analocs for advanced reporting. Legacy Training Included Recurring 7/22/2024 1 7/21/2025 1 249 $0.00 A training solution that lets you create,deliver,and track training content online,including videos and PowerPoint presentations.It integrates with PowerDMS Select and Professional,giving you the ability to attach policies to training courses while ensuring version control.This is granted to legacy customers. WASPC LE Accreditation Manual Recurring 7/22/2024 7/21/2025 1 $0.00 View Standards Manual electronically. PowerStandards for WASPC LE>50 employees Recurring 7/22/2024 7/21/2025 1 $650.00 Attach proofs to show compliance with WASPC standard,assign assessment tasks,track revisions,and status-based grading.>50 employees WASPC Jail Accreditation Manual Recurring 7/22/2024 1 7/21/2025 1 1 $0.00 Electronic version of the(WASPC Jail)manual.View standards manual electronically,receive immediate updates to the standards manual and view side-by-side comparison of revisions and perform keyword search. PowerDMS Standards WASPC Jail >50 employees Recurring 7/22/2024 1 7/21/2025 1 $650.00 Attach proofs to show compliance with WASPC Jail Standard,assign assessment tasks,track revisions,and status-based grading.>50 employees PowerReady(formerly PowerFTO)Subscription Recurring 7/22/2024 1 7/21/2025 1 1 $5,563.23 The PowerFTO Annual subscription provides an agency-wide license for unlimited number of programs and includes;Secure Storage on MS Azure Gov Servers,Mobile Accessibility,Email Notifications,Unlimited Late Form and Trainee Performance Alerts,Ongoing training resources,Ongoing software updates,Access to Industry Partnerships,Ongoing Support&Maintenance. July 2024 TOTAL: $18,248.88 This price does NOT include any sales tax.Total in USD Additional Terms and Conditions % Payment Terms: All invoices issued hereunder are due upon the invoice due date.The fees set forth in this Order Form are exclusive of all applicable taxes,levies,or duties imposed by taxing authorities and Customer shall be responsible for payment of any such applicable taxes,levies, or duties.All payment obligations are non-cancellable,and all fees paid are non-refundable.Payment for services ordered hereunder shall be made to PowerDMS,Inc.,a wholly owned subsidiary of Governmentjobs.com,Inc.(D/B/A NEOGOV). Page 1 of 2 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF PowerDMS 2120 Park PIS. Suite 100 by NEOGOV El Segundo, CA 90245 N E 0 (31- Terms&Conditions: This Order Form creates a legally binding contract on the parties. Unless otherwise agreed in a written agreement between Govern mentJobs.com,Inc.(D/B/A/NEOGOV),parent company of PowerDMS,Inc.,Cuehit, Inc., Ragnasoft LLC(D/B/A/PlanIT Schedule),and Design PD, LLC(D/B/A Agency360)(collectively,"NEOGOV")and Customer,this Order Form and the services to be furnished pursuant to this Order Form are subject to the terms and conditions set forth In the NEOGOV Services Agreement V071423 affixed hereto.The Effective Date(as defined in the terms and conditions)shall be the Subscription Start Date. Special Condition: Customer Goy erment3obs.com,Inc.(DB/A/NPOGOV),on behalf of itself and its subsidiaries PowerDAIS,Inc.,Cuehit,Inc., Ranasoft LLC(DBIAI P1anIT Schedule),and Design PD, LLC B/A A enc 36U Entity Name: City of Kent DocuSigned by: ` 5%t� �V'IIn,S Signature: Signature; 2085ADAMM453... Print Name: Dana Ralph Print Name: Amy Prins r'Ov ter: Date: 08/05/2024 Date: 7/25/2024 1 3:21:04 PM PDT 0 THE INFORMATION AND PRICING CONTAINED IN THIS ORDER FORM IS STRICTLY CONFIDENTIAL. YOUR SIGNATURE CONSTITUTES ACCEPTANCE OF TERMS HEREIN AND CONTRACTUAL COMMITMENT TO PURCHASE THE ITEMS LISTED ABOVE. Page 2 of 2 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDM S NEOGOV Digital Management 5ottwar, R HEflC0Y CanP�+Y SERVICES AGREEMENT V071423 You agree that by placing an order through a NEOGOV standard ordering document such as an"Order Form","Service Order," "Ordering Document,""SOW"or other document mutually agreed by the parties detailing the services,pricing and subscription term(each,an"Order Form"for purposes of this Agreement),you agree to follow and be bound by the terms and conditions set forth herein. "Governmentjobs.com", "NEOGOV", "we", and"our"means Govemmmentjobs.com, Inc.(DB/A/NEOGOV), for and on behalf of itself and its subsidiaries PowerDMS,Inc.,Cuehit,Inc.,Ragnasoft LLC(DB/A/PlanIT Schedule),and Design PD,LLC (DB/A Agency360) (collectively,"NEOGOV" and,where applicable,its other affiliates; "Customer", "you", "your" means the NEOGOV client,customer,and/or the subscriber identified in the Order Form). "Services Agreement"or the"Agreement" shall be used to collectively refer to this NEOGOV Services Agreement,documents incorporated herein including the applicable Order Form, each Addendum (as applicable), and Special Conditions (if any). "Addendum"means each Addendum set forth as an Exhibit hereto and, as applicable,made a part of this Agreement. "Special Conditions"means individually negotiated variations,amendments and/or additions to this Service Agreement of which are either drafted,or incorporated by reference,into the Order Form. 1. Provision of Services.Subject to the terms of this Agreement NEOGOV hereby agrees to provide Customer with access to its SaaS Applications and Professional Services(each defined below)included or ordered by Customer in the applicable Order Form(collectively referred to as the"Services").Customer hereby acknowledges and agrees that NEOGOV's provision and performance of,and Customer's access to,the Services is dependent and conditioned upon Customer's full performance of its duties,obligations and responsibilities hereunder.This Agreement entered into as of the earlier of.(i)date of your signature on an applicable Order Form;or(ii)use of the Services commences(the"Effective Date").The Agreement supersedes any prior and contemporaneous discussions,agreements or representations and warranties.All previous agreements,including the Service Agreement dated August 1, 2011, will terminate upon the execution of this Agreement, and all services and subscriptions previously in effect,including Governmentjobs.com,Learn,Insight,Employee Import into PE/ON(SFTP)will come under the terms of this Agreement,except that the Effective Date(as defined in the Agreement)and subsequent renewal dates of such subscriptions shall remain the dates set forth on their associated Order Forms. 2. SaaS Subscription. a) Subscription Grant."SaaS Applications"means each proprietary NEOGOV web-based software-as-a-service application that may be set forth on an Order Form and subsequently made available by NEOGOV to Customer, and associated components as described in any written service specifications made available to Customer by NEOGOV(the"Service Specifications"). Subject to and conditioned on Customer's and its Authorized Users' compliance with the terms and conditions of this Agreement,NEOGOV hereby grants to Customer a limited,non-exclusive,non-transferable,and non- sublicensable right to(i)onboard,access and use,and to permit Authorized Users to onboard,access and use,the SaaS Applications specified in the Order Form solely for Customer's internal,non-commercial purposes; (ii)generate,print, and download Customer Data as may result from any access to or use of the SaaS Applications;and(iii)train Authorized Users in uses of the SaaS Applications permitted hereunder(these rights shall collectively be referred to as the"SaaS Subscription"). "Authorized Users"means(1)Customer employees,agents,contractors,consultants("Personnel")who are authorized by Customer to access and use the Services under the rights granted to Customer pursuant to this Services Agreement and(2)for whom access to the Services has been purchased hereunder. You shall not exceed the usage limits (if any)as detailed in the user tier in the applicable Order Form.You may not access the SaaS Applications if you are a direct competitor of NEOGOV or its affiliates. In addition,you may not access the SaaS Applications for purposes of monitoring their availability,performance,or functionality,or for any other benchmarking or competitive purposes. You shall be responsible for each Authorized User's access to and use of the SaaS Applications and compliance with applicable terms and conditions of this Agreement. b) Subscription Term. Unless otherwise specified in an applicable Order Form,SaaS Subscriptions shall commence on the Effective Date and remain in effect for twelve(12)consecutive months,unless terminated earlier in accordance with this Agreement (the "Initial Tenn"). Thereafter, SaaS Subscriptions shall automatically renew for successive twelve (12) month terms(each a"Renewal Tenn"and together with the Initial Term,collectively,the"Tenn")unless a party delivers to the other party,at least thirty(30) days prior to the expiration of the Initial Term or the applicable Renewal Term, written notice of such party's intention to not renew the SaaS Subscriptions,or unless terminated earlier in accordance with this Agreement. The Term for the Services is a continuous and non-divisible commitment for the full duration regardless of any invoice schedule.The purchase of any Service is separate from any other order for any other Service. Customer may purchase certain Services independently of other Services.Your obligation to pay for any Service is not contingent on performance of any other Service or delivery of any other Service. 1 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF r ` 'TM P(bwerDMS N E l , V Digital Management Softwarc VVV AHEaaovCanw +r 3. Customer Responsibilities. Customer will not, and will ensure its Authorized Users do not(a)make any of the Services available to anyone other than Authorized Users or use any Services for the benefit of anyone other than Customer and its Authorized Users, unless otherwise agreed in writing by the parties, (b) sell, resell, license, sublicense, distribute, make available,rent or lease any of the Services,or include any of the Services in a service bureau or outsourcing offering,unless otherwise agreed in writing by the parties,(c)use the Services to store or transmit infringing,libelous,or otherwise unlawful or tortious material,or to store or transmit material in violation of the privacy rights,publicity rights,copyright rights,or other rights of any person or entity,(d)use the Services to store or transmit code,files,scripts,agents or programs intended to do harm, including, for example, viruses, worms,time bombs and Trojan horses, (e) interfere with or disrupt the integrity or performance of the Services (including, without limitation, activities such as security penetration tests, stress tests, and spamming activity),(f)attempt to gain unauthorized access to the Services or its related systems or networks,(g)disassemble, reverse engineer,or decompile the Services,or modify,copy, or create derivative works based on the Services or any part, feature, function or user interface thereof, (h) remove the copyright, trademark, or any other proprietary rights or notices included within NEOGOV Intellectual Property and on and in any documentation or training materials,or(i)use the Services in a manner which violates the terms of this Agreement,any Order Form or any applicable laws. 4. Professional Services. "Professional Services" shall mean professional services purchased by Customer as detailed in an applicable Order Form or NEOGOV Scope of Work(SOW)describing the work to be performed,fees,and any applicable milestones, dependencies, and other technical specifications or related information. Professional Services may include training,implementation,and best practices of and concerning the SaaS Applications. Professional Services are subject to the terms of the Professional Services Addendum made available on the NEOGOV Site and made a part hereof and may be subject to additional terms pursuant to an SOW and Service Specifications describing,if applicable,the work to be performed,fees, and any applicable milestones,dependencies,and other technical specifications or related information.Order Forms or SOWs must be signed by Customer before NEOGOV shall commence work.If Customer executes a separate SOW,this Agreement and documents incorporated herein(including but not limited to the Professional Services Addendum) shall control in the event of a conflict with the terms of the SOW.All Professional Services purchased by Customer must be utilized within twelve (12)months of the date of the applicable Order Form or SOW. 5. PajMent Terms. a) Fees. Customer shall pay all Subscription,Onboarding and Set-Up fees("Subscription Fees")and Professional Service fees("Professional Service Fees", collectively the"Fees")as set forth in an Order Form within thirty(30)days of the date of NEOGOV's invoice.Fees shall be invoiced annually in advance and in a single invoice for each Term. Unless explicitly stated otherwise in an Order Form,all payments due under an Order Form are expressed in and shall be paid in U.S. dollars. Invoices shall be delivered to the stated"Bill To"party on the Order Form. Unless explicitly provided otherwise,once placed the Order Form is non-cancellable and sums paid nonrefundable.Any invoiced amount that is not received by NEOGOV when due as set forth in an Order Form will be subject to a late payment fee of 1.5%per month or the maximum rate permitted by law,whichever is lower. If any amount owing by Customer is more than 30 days overdue,NEOGOV may,without limiting its other rights and remedies,suspend the Services until such amounts are paid in full. If Subscription Fees are based upon the Authorized User or employee count as may be specified in an Order Form, Customer shall owe NEOGOV supplemental Subscription Fees to the extent Customer exceeds the number of Authorized Users or employees set forth in the Order Form. Except as otherwise specifically stated in the Order Form, NEOGOV may change the charges for the Services with effect from the start of each Renewal Term by providing Customer with new pricing at least thirty(30)day notice prior to commencement of a Renewal Term.The new pricing shall be deemed to be effective if Customer(a)returns an executed Order Form to NEOGOV, (b)remits payment to NEOGOV of the fees set forth in the invoice referencing the new pricing,or(c)the Customer or any of its Authorized Users access or use the Services after the expiration of the previous Term. b) Taxes. Customer will pay all taxes, duties and levies imposed by all federal, state, and local authorities (including, without limitation, export, sales,use, excise,and value-added taxes)based on the transactions or payments under this Agreement, except those taxes imposed or based on NEOGOV's net income or those exempt by applicable state law. Customer shall provide NEOGOV with a certificate or other evidence of such exemption within ten(10)days after the Effective Date of this Agreement and thereafter upon NEOGOV's request therefor. c) Purchase Orders. Any reference to a purchase order in an Order Form or any associated invoice is solely for Customer's convenience in record keeping,and no such reference or any delivery of services to Customer following receipt of any purchase order shall be deemed an acknowledgement of or an agreement to any terms or conditions referenced or included in any such purchase order.If a purchase order is delivered by Customer in connection with the purchase of Services, none of the terms and conditions contained in such purchase order shall have any effect or modify or supersede the terms and conditions of this Agreement.NEOGOV's failure to object to terms contained in any such purchase order shall not be a waiver of the terms set forth in this provision or in this Agreement. 2 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDM S NEOGOV Digital Management 5oftwar, R HEflC0Y CanP�+Y 6. Term and Termination. a) Term. This Agreement shall commence on the Effective Date and shall remain in effect until all SaaS Subscriptions have expired and/or both parties have achieved full performance of Professional Services,unless it is terminated earlier in accordance with this Agreement. b) Termination for Cause;Effect of Termination. Either Party may terminate this Agreement immediately if the other is in material breach of this Agreement and such breach is not cured within thirty(30)days following non-breaching parry's written specification of the breach.NEOGOV may suspend the Services or terminate this Agreement immediately in the event the Services or Customer's use of the Services provided hereunder pose a security risk to the Services,NEOGOV or any third party,or become illegal or contrary to any applicable law,rule,regulation,or public policy.Upon expiration or any termination of this Agreement,Customer shall cease all use and refrain from all further use of the Services and other NEOGOV Intellectual Property. Additionally,Customer shall be obligated to pay,as of the effective date of such expiration or termination,all amounts due and unpaid to NEOGOV under this Agreement.Unless otherwise specified, following 90 days after expiration or termination of the Agreement NEOGOV may remove Customer Data from NEOGOV Services and without Customer consent or notice. 7. Audit Rights. Upon reasonable notice,NEOGOV or its agent shall have the right to audit Customer's records relating to its compliance with this Agreement. Customer shall cooperate fully with this audit. If any audit conducted under this Section indicates that any amount due to NEOGOV was underpaid,Customer shall within three(3)business days pay to NEOGOV the amount due. All expenses associated with any such audit shall be paid by NEOGOV unless the audit reveals underpayment in excess of five percent(5%),in which case Customer shall pay such expenses as well as any amount due to NEOGOV. 8. Maintenance,Modifications;Support Services. a) Maintenance, Updates, Upgrades. NEOGOV maintains NEOGOV's hardware and software infrastructure for the Services and is responsible for maintaining the NEOGOV server operation and NEOGOV database security.NEOGOV may in its sole discretion,periodically modify,Update,and Upgrade the features,components,and functionality of the Services during the Term. "Update" means any update, bug fix, patch or correction of the Services or underlying NEOGOV software that NEOGOV makes generally available to its customers of the same module,excluding Upgrades. Updates are automatic and available upon Customer's next login to the Services following an Update at no additional cost to Customer. "Upgrade" means any update of the Services or underlying NEOGOV software such as platform updates,and major product enhancements and/or new features that NEOGOV makes commercially available.NEOGOV shall have no obligation to provide Upgrades to customers and retains the right to offer Upgrades free of cost or on a per customer basis at additional cost. NEOGOV shall have no liability for, or any obligations to, investments in, or modifications to Customer's hardware,systems or other software which may be necessary to use or access the Services due to a modification,Update,or Upgrade of the Services. b) Program Documentation; Training Materials. "Program Documentation" shall mean all user guides, training, and implementation material,and Service descriptions provided by NEOGOV to Customer in connection with the Services. NEOGOV hereby grants to Customer a non-exclusive, non-sublicensable, non-transferable license to use, print, and distribute internally via non-public platforms,the Program Documentation during the Term solely for Customer's internal business purposes in connection with its use of the Services.Primary training of NEOGOV Services is conducted by self- review of online materials.NEOGOV's pre-built,online training consists of a series of tutorials to introduce the standard features and functions(the"Training Materials").The Training Materials may be used as reference material by Customer Personnel conducting day-to-day activities. c) Implementation.For Services requiring implementation,NEOGOV implementation supplements the Training Materials and is conducted off-site unless otherwise agreed in the Order Form. For an additional fee as detailed on an applicable Order Form,NEOGOV personnel will provide consultation on best practices for setting up the Services,answer Customer questions during the implementation period,and use commercially reasonable efforts to ensure Authorized User Admins grasp the system. The length of the implementation time is dependent on the type of Service and the Customer's responsiveness.NEOGOV is not responsible or liable for any delay or failure to perform implementation caused in whole or in part by Customer's delay in performing its obligations hereunder and,in the event of any such delay,NEOGOV may,in its sole discretion,extend all performance dates as NEOGOV deems reasonably necessary. d) Support.Phone support for the Services is available to Customer Monday through Friday,excluding NEOGOV holidays. Customer may submit a request for online support for the Services 24 hours a day,seven days a week,and the NEOGOV 3 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF r ` �TM P(bwerDMS N E l , V Digital Management Softwarc VVV ��,,,III ■MEoGov Cwp-r support desk will acknowledge receipt of the request within a reasonable time.The length of time for a resolution of any problem is dependent on the type of case. e) Limitations.Unless otherwise specified in the Order Form,this Agreement does not obligate NEOGOV to render any maintenance or support services that are not expressly provided herein,including,but not limited to data uploads,manual data entry, migration services, data conversion, refinement, purification, reformatting, SQL dump, or process consultation. 9. NEOGOV Intellectual Property.NEOGOV shall exclusively own all right, title and interest in and to all pre-existing and future intellectual property developed or delivered by NEOGOV including all Services,products,systems,software(including any source code or object code)or Service Specifications related thereto,Updates or Upgrades,trademarks,service marks, logos and other distinctive brand features of NEOGOV and all proprietary rights embodied therein (collectively, the "NEOGOV Intellectual Property"). This Agreement does not convey or transfer title or ownership of the NEOGOV Intellectual Property to Customer or any of its users.All rights not expressly granted herein are reserved by NEOGOV.Other than recommendation use or as required by law,all use of NEOGOV trademarks must be pre-approved by NEOGOV prior to use.Trademarks shall include any word,name,symbol,color,designation or device,or any combination thereof that functions as a source identifier,including any trademark,trade dress, service mark,trade name,logo, design mark,or domain name, whether or not registered. 10. Data Processing and Privacy. a) Customer Data. "Customer Data" shall mean all data that is owned or developed by Customer, whether provided to NEOGOV by Customer or provided by a third party to NEOGOV in connection with NEOGOV's provision of Services to Customer,including Personnel data collected,loaded into,or located in Customer data files maintained by NEOGOV. NEOGOV Intellectual Property, including but not limited to the Services and all derivative works thereof,NEOGOV Confidential Information, and Platform Data do not fall within the meaning of the term "Customer Data". Customer exclusively owns all right,title,and interest in and to all Customer Data.Customer grants NEOGOV a license to host, use, process, display, create non-personal derivative works of, and transmit Customer Data to provide the Services. NEOGOV reserves the right to delete or disable Customer Data stored,transmitted or published by Customer using the Services upon receipt of a bona fide notification that such content infringes upon the intellectual property rights of others, or if NEOGOV otherwise reasonably believes any such content is in violation of this Agreement. b) Platform Data. "Platform Data"shall mean any anonymized data reflecting the access to or use of the Services by or on behalf of Customer or any user,including statistical or other analysis and performance information related to the provision and operation of the Services including any end user visit,session,impression,clickthrough or click stream data,as well as log, device,transaction data,or other analysis, information, or data based on or derived from any of the foregoing. NEOGOV shall exclusively own all right, title and interest in and to all Platform Data. Customer acknowledges NEOGOV may compile Platform Data based on Customer Data input into the Services.Customer agrees that NEOGOV may use Platform Data to the extent and in the manner permitted under applicable law. Such anonymized data neither identifies Customer or its users,nor can Customer or any of its users can be derived from such data. c) Data Processing Agreement.To the extent Customer uses the Services to target and collect personal information from users located in the European Union,European Economic Area,or Switzerland(the"EU")or the United Kingdom ("UK"),or has Authorized Users accessing the Services from the EU or UK,the terms of the NEOGOV Data Processing Addendum("DPA")made available on the NEOGOV Site is hereby incorporated herein by reference and made part of this Agreement. d) Data Responsibilities. i) NEOGOV will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of the Customer Data. Those safeguards will include, but will not be limited to, measures for preventing access,use,modification or disclosure of Customer Data by NEOGOV personnel except (a)to provide the Services and prevent or address service or technical problems,(b)as compelled by applicable law, or (c) as Customer expressly permits in writing. Customer acknowledges and agrees that it is commercially reasonable for NEOGOV to rely upon the security processes and measures utilized by NEOGOV's cloud infrastructure providers. ii) Customer is solely responsible for the development, content, operation,maintenance, and use of Customer Data, including but not limited to compliance with applicable laws.NEOGOV will have no responsibility or liability for the accuracy of the Customer Data prior to receipt of such data into the Services.Without limiting the foregoing, Customer shall be solely responsible for and shall comply with all applicable laws and regulations relating to(a)the 4 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDMS NEOGOV Digital Management Software accuracy and completeness of all information input,submitted,or uploaded to the Services,(b)the privacy of users of the Services,including,without limitation,providing appropriate notices to and obtaining appropriate consents from any individuals to whom Customer Data relates;and(c)the collection,use,modification,alteration,extraction, retention, copying, external storage, disclosure, transfer, disposal, and other processing of any Customer Data. NEOGOV is not responsible for lost data caused by the action or inaction of Customer or Authorized Users.Unless otherwise mutually agreed in writing,Customer shall not maintain any financial,health,payment card,or similarly sensitive data that imposes specific data security or data protection obligations within the Services.Customer shall provide and institute all appropriate tools and procedures required to ensure the security of its own information system and,more specifically,to prevent,detect and destroy the occurrence of any viruses. e) Breach Notice. NEOGOV will notify Customer of unauthorized access to, or unauthorized use, loss or disclosure of Customer Data within its custody and control(a"Security Breach")within 72 hours of NEOGOV's confirmation of the nature and extent of the same or when required by applicable law, whichever is earlier. Each party will reasonably cooperate with the other with respect to the investigation and resolution of any Security Breach. If applicable law or Customer's policies require notification of its Authorized Users or others of the Security Breach, Customer shall be responsible for such notification. f) Data Export,Retention and Destruction. Customer may export or delete Customer Data from the Services at any time during a Subscription Term,using the existing features and functionality of the Services.Customer is solely responsible for its data retention obligations with respect to Customer Data. If and to the extent Customer cannot export or delete Customer Data stored on NEOGOV's systems using the then existing features and functionality of the Services, NEOGOV will,upon Customer's written request,make the Customer Data available for export by Customer or destroy the Customer Data. If Customer requires the Customer Data to be exported in a different format than provided by NEOGOV, such additional services will be subject to a separate agreement on a time and materials basis. Except as otherwise required by applicable law,NEOGOV will have no obligation to maintain or provide any Customer Data more than ninety (90)days after the expiration or termination of this Agreement. Customer acknowledges that it is solely responsible for determining any retention requirements with respect to the Customer Data as required by applicable law and NEOGOV disclaims all liability in connection with such determination. In addition,to the extent Customer requests that NEOGOV retain Customer Data beyond the expiration of the retention period required by applicable law,rule or regulation,NEOGOV disclaims all liability in in connection with retaining such Customer Data including but not limited to any claims related to loss or destruction of such Customer Data. 11. Third Party Services.The Services may permit Customer and its Authorized Users to access services or content provided by third parties through the Services("Third Party Services").Customer agrees that NEOGOV is not the original source and shall not be liable for any inaccuracies contained in any content provided in any of the Third Party Services. NEOGOV makes no representations,warranties or guarantees with respect to the Third Party Services or any content contained therein. NEOGOV may discontinue access to any Third Party Services through the Services if the relevant agreement with the applicable third party no longer permits NEOGOV to provide such access.If loss of access to any Third Party Services(to which Customer has a subscription under this Agreement)occurs during a Subscription Term,NEOGOV will refund to Customer any prepaid fees for such Third Party Services covering the remainder of the Subscription Term. 12. Nondisclosure. a) Definition of Confidential Information. "Confidential Information" means all information disclosed by a party ("Disclosing Party")to the other party("Receiving Party"),whether orally or in writing,that is designated as confidential or that reasonably should be understood to be confidential given the nature of the information and the circumstances of disclosure. Customer's Confidential Information includes its Customer Data. NEOGOV Confidential Information includes the NEOGOV Intellectual Property and the Services. The Confidential Information of each party includes the terms and conditions of this Agreement and all Order Forms(including pricing),as well as business and marketing plans, technology and technical information, product plans and designs, and business processes disclosed by such party. However,Confidential Information does not include any information that(a)is or becomes generally known to the public without breach of any obligation owed to the Disclosing Party,(b)was known to the Receiving Party prior to its disclosure by the Disclosing Party without breach of any obligation owed to the Disclosing Party,(c)is received from a third party without breach of any obligation owed to the Disclosing Party, or(d)was independently developed by the Receiving Party. b) Obligations. The Receiving Party will: (i)use the same degree of care it uses to protect the confidentiality of its own confidential information of like kind(but not less than reasonable care);(ii)not use any Confidential Information of the Disclosing Party for any purpose outside the scope of this Agreement and(iii) except as otherwise authorized by the Disclosing Party in writing,limit access to Confidential Information of the Disclosing Party to those of its employees and contractors who need access for purposes consistent with this Agreement and who have signed confidentiality 5 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF r ` 'TM P(bwerDMS N E l , V Digital Management Software VVV VVV ��»,III A NeOWV Cwn p" agreements with the Receiving Party containing protections not less protective of the Confidential Information than those herein. c) Exceptions.The Receiving Party may disclose Confidential Information of the Disclosing Party to the extent compelled by law to do so,provided the Receiving Party gives the Disclosing Party prior notice of the compelled disclosure(to the extent legally permitted)and reasonable assistance,at the Disclosing Party's cost,if the Disclosing Party wishes to contest the disclosure. d) Equitable Relief.The parties recognize and agree there is no adequate remedy at law for breach of the provisions of the confidentiality obligations set forth in this Section 12,that such a breach would irreparably harm the Disclosing Party and the Disclosing Party is entitled to seek equitable relief(including,without limitation,an injunction)with respect to any such breach or potential breach in addition to any other remedies available to it at law or in equity. 13. Representations,Warranties,and Disclaimers. a) Mutual Representations. Each party represents and warrants to the other party that(i)it has full power and authority under all relevant laws and regulations and is duly authorized to enter into this Agreement;and(ii)to its knowledge,the execution,delivery and performance of this Agreement by such party does not conflict with any agreement,instrument or understanding,oral or written,to which it is a party or by which it may be bound,nor violate any law or regulation of any court,governmental body or administrative or other agency having jurisdiction over it. b) Service Performance Warranty. NEOGOV warrants that it provides the Services using a commercially reasonable level of care and skill and in a professional manner in accordance with generally recognized industry standards for similar services and the Service Specifications.NEOGOV's performance warranty includes,but is not limited to the following: (i)NEOGOV shall promptly and diligently perform and reperform the Service which is not in compliance with the specifications, representations and warranties at no additional cost to the City; (ii)maintain the service in accordance with any specifications and meet all availability and system performance service levels as specified in any Statement of Work and/or Service Level Agreement (SLA); (iii) promptly coordinate with the City all tasks related to correcting problems and deficiencies connected with any service; (iv) not disable any City software. If NEOGOV and/or City reasonably determines that NEOGOV is unable to remedy such deficiencies, NEOGOV or City may terminate the Agreement or service under the Agreement and NEOGOV shall issue a prorated refund to the City of the fees previously paid for the unused term of the Order Form or SOW. c) No Other Warranty. EXCEPT FOR THE EXPRESS WARRANTIES SET FORTH IN THIS WARRANTY SECTION, THE SERVICES ARE PROVIDED ON AN"AS IS"BASIS,AND CUSTOMER'S USE OF THE SERVICES IS AT ITS OWN RISK.NEOGOV DOES NOT MAKE,AND HEREBY DISCLAIMS,ANY AND ALL OTHER EXPRESS AND/OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT AND TITLE, AND ANY WARRANTIES ARISING FROM A COURSE OF DEALING,USAGE, OR TRADE PRACTICE. NEOGOV DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED,ERROR-FREE,OR COMPLETELY SECURE,OR THAT ANY ERROR WILL BE CORRECTED. d) Disclaimer of Actions Caused by and/or Under the Control of Third Parties. NEOGOV DOES NOT AND CANNOT CONTROL THE FLOW OF DATA TO OR FROM THE NEOGOV SYSTEM AND OTHER PORTIONS OF THE INTERNET. SUCH FLOW DEPENDS IN LARGE PART ON THE PERFORMANCE OF INTERNET SERVICES PROVIDED OR CONTROLLED BY THIRD PARTIES. AT TIMES,ACTIONS OR INACTIONS OF SUCH THIRD PARTIES CAN IMPAIR OR DISRUPT CUSTOMER'S CONNECTIONS TO THE INTERNET (OR PORTIONS THEREOF). ALTHOUGH NEOGOV WILL USE COMMERCIALLY REASONABLE EFFORTS TO TAKE ALL ACTIONS IT DEEMS APPROPRIATE TO REMEDY AND AVOID SUCH EVENTS, NEOGOV CANNOT GUARANTEE THAT SUCH EVENTS WILL NOT OCCUR. ACCORDINGLY,NEOGOV DISCLAIMS ANY AND ALL LIABILITY RESULTING FROM OR RELATED TO SUCH EVENTS OR WITH RESPECT TO ANY THIRD PARTY SERVICES. e) No Medical Advice.Through certain Services,NEOGOV may make certain telehealth related information available to Customer and/or facilitate user access to telemedicine, expert medical services, and/or emergency medical services. NEOGOV is independent from healthcare providers who provide telemedicine services and is not responsible for such healthcare providers' acts,omissions or for any content or communications made by them.The Services do not provide medical advice and do not create a healthcare provider/patient relationship between Customer and NEOGOV or otherwise.Any Services,or content accessed from the Services,are for informational purposes only and do not constitute medical advice. Customer should seek professional medical advice,diagnosis,and/or treatment for any and all medical conditions,whether as a result of using Services or otherwise.NEOGOV IS NOT RESPONSIBLE OR LIABLE FOR 6 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDMS NEOGOV Digital Management SofANEDGMtware 1 ANY ADVICE, COURSE OF TREATMENT,DIAGNOSIS OR ANY OTHER TREATMENT OR INFORMATION THAT CUSTOMER OR ITS USERS MAY OBTAIN THROUGH THE USE OF THE SERVICES. 14. Indemnification. a) Customer Indemnity. To the extent permitted by applicable law, Customer will defend and indemnify NEOGOV from and against any claim, demand, suit or proceeding made or brought against NEOGOV (i) by a third party alleging that any Customer Data infringes or misappropriates such third party's intellectual property rights, (ii) in connection with Customer's violation of any applicable laws, or (iii) any claim or allegation by any third party resulting from or related to Customer's or any of its Authorized User's breach of Section 3 of this Agreement. b) NEOGOV Indemnity. Subject to subsections 14(b)(i) through 14(b)(iii) and 14(c) of this Section,if a third party makes a claim against Customer that any NEOGOV intellectual property furnished by NEOGOV and used by Customer infringes a third party's intellectual property rights,NEOGOV will defend the Customer against the claim and indemnify the Customer from the damages and liabilities awarded by the court to the third-party claiming infringement or the settlement agreed to by NEOGOV. i) Alternative Resolution.If NEOGOV believes or it is determined that any of the Services may have violated a third parry's intellectual property rights, NEOGOV may choose to either modify the Services to be non- infringing or obtain a license to allow for continued use.If these alternatives are not commercially reasonable, NEOGOV may end the subscription or license for the Services and refund a pro-rata portion of any fees covering the whole months that would have remained,absent such early termination,following the effective date of such early termination. ii) No Duty to Indemnify. NEOGOV will not indemnify Customer if Customer alters the Service or Service Specifications, or uses it outside the scope of use or if Customer uses a version of the Service or Service Specifications which has been superseded, if the infringement claim could have been avoided by using an unaltered current version of the Services or Service Specifications which was provided to Customer,or if the Customer continues to use the infringing material after the subscription expires.NEOGOV will not indemnify the Customer to the extent that an infringement claim is based upon any information, design, specification, instruction,software,data,or material not furnished by NEOGOV.NEOGOV will not indemnify Customer for any portion of an infringement claim that is based upon the combination of Service or Service Specifications with any products or services not provided by NEOGOV(Third Party Products),unless the Service or Service Specifications refers to or recommends use of or combination with such Third Party Product.NEOGOV will not indemnify Customer for infringement caused by Customer's actions against any third party if the Services as delivered to Customer and used in accordance with the terms of the Agreement would not otherwise infringe any third-party intellectual property rights. iii) Exclusive Remedy.This Section provides the exclusive remedy for any intellectual property infringement claims or damages against NEOGOV. c) Indemnification Procedures.In order to receive the indemnities described hereunder,the indemnified party must:(i) promptly notify the indemnifying party,in writing,of any claim;(ii)cooperate reasonably with indemnifying party, at the indemnifying party's expense,in the defense and/or settlement thereof,and(iii)allow the indemnifying party to control the defense and/or settlement thereof except that the indemnifying party may not,without the indemnified party's prior written consent, enter into any settlement that does not unconditionally release the indemnified party from liability. The indemnified party shall have the right to participate in any defense of a claim and/or to be represented by counsel of its own choosing at its own expense,provided that ultimate control of such defense shall remain solely with the indemnifying party. 15. Limitations of Liability. a) EXCLUSION OF DAMAGES. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL EITHER PARTY BE LIABLE UNDER OR IN CONNECTION WITH THIS AGREEMENT OR ITS SUBJECT MATTER UNDER ANY LEGAL OR EQUITABLE THEORY, INCLUDING BREACH OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, AND OTHERWISE, INCLUDING FOR ANY: (a) LOSS OF PRODUCTION, USE, BUSINESS, REVENUE, OR PROFIT OR DIMINUTION IN VALUE; (b) IMPAIRMENT, INABILITY TO USE OR LOSS, INTERRUPTION OR DELAY OF THE SERVICES;(c) LOSS, DAMAGE, CORRUPTION OR RECOVERY OF DATA, OR BREACH OF DATA OR SYSTEM SECURITY; (d) COST OF REPLACEMENT GOODS OR SERVICES; (e) LOSS OF GOODWILL, LOSS OF BUSINESS OPPORTUNITY OR PROFIT,OR LOSS OF REPUTATION;OR(f)CONSEQUENTIAL, 7 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDMS NEOGOV Digital Management Software ANEOGOv cam.q INCIDENTAL INDIRECT, EXEMPLARY, SPECIAL, ENHANCED, OR PUNITIVE DAMAGES, REGARDLESS OF WHETHER SUCH PERSONS WERE ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS ESSENTIAL PURPOSE. b) CAP ON MONETARY LIABILITY. EXCEPT FOR DAMAGES ARISING OUT OF LIABILITY WHICH CANNOT BE LAWFULLY EXCLUDED OR LIMITED, FRAUD, GROSS NEGLIGENCE OR WILLFUL MISCONDUCT OF EITHER PARTY,OR CUSTOMER'S OBLIGATIONS TO MAKE PAYMENT UNDER THIS AGREEMENT,THE TOTAL AGGREGATE LIABILITY OF EITHER PARTY FOR ANY AND ALL CLAIMS AGAINST THE OTHER PARTY UNDER THIS AGREEMENT,WHETHER ARISING UNDER OR RELATED TO BREACH OF CONTRACT,TORT(INCLUDING NEGLIGENCE), STRICT LIABILITY,OR ANY OTHER LEGAL OR EQUITABLE THEORY, SHALL NOT EXCEED (I) FOR NEOGOV'S BREACH OF ITS DATA SECURITY AND PRIVACY OBLIGATIONS UNDER SECTION 10 TWO TIMES(2X)THE AMOUNT OF ALL PAYMENTS ACTUALLY RECEIVED BY NEOGOV FROM CUSTOMER IN CONNECTION WITH THIS AGREEMENT IN THE 12 MONTH PERIOD PRECEDING THE DATE OF THE EVENT INITIALLY GIVING RISE TO SUCH LIABILITY; AND (II) FOR ALL OTHER CLAIMS, THE AMOUNT OF ALL PAYMENTS ACTUALLY RECEIVED BY NEOGOV FROM CUSTOMER IN CONNECTION WITH THIS AGREEMENT IN THE 12 MONTH PERIOD PRECEDING THE DATE OF THE EVENT INITIALLY GIVING RISE TO SUCH LIABILITY. THE FOREGOING LIMITATION OF LIABILITY IS CUMULATIVE WITH ALL PAYMENTS FOR CLAIMS OR DAMAGES IN CONNECTION WITH THIS AGREEMENT BEING AGGREGATED TO DETERMINE SATISFACTION OF THE LIMIT. THE EXISTENCE OF ONE OR MORE CLAIMS WILL NOT ENLARGE THE LIMIT. THE PARTIES ACKNOWLEDGE AND AGREE THAT THIS LIMITATION OF LIABILITY IS AN ESSENTIAL ELEMENT OF THE BASIS OF THE BARGAIN BETWEEN THE PARTIES AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF THE ESSENTIAL PURPOSE OF ANY LIMITED REMEDY. NOTWITHSTANDING THE FOREGOING,NOTHING HEREIN SHALL BE CONSTRUED AS CONSTITUTING A WAIVER OF THE CITY'S GOVERNMENTAL IMMUNITY FROM SUIT OR LIABILITY OR STATUTORY DAMAGE CAPS AS PROVIDED TO THE CITY UNDER LAW. 16. Reimbursement of Costs in Third Party Litigation. With respect to any litigation or other court proceeding involving Customer and a third party,if any subpoena or other legally binding request related to such litigation or court proceeding is served to NEOGOV requesting copies of documents maintained by NEOGOV or otherwise requesting NEOGOV to appear as a witness in any capacity or provide testimony with respect to Customer's documentation, Customer shall reimburse NEOGOV for its out-of-pocket costs associated with compliance with such request,including but not limited to NEOGOV's reasonable attorneys'fees 17. Text Message Communications.NEOGOV may offer Personnel the opportunity to receive text messages regarding job application or hiring process reminders,applicant status updates,or other human resource related notices. Since these text message services depend on the functionality of third-party providers,there may be technical delays on the part of those providers.NEOGOV may make commercially reasonable efforts to provide alerts in a timely manner with accurate information,but cannot guarantee the delivery,timeliness,or accuracy of the content of any alert.NEOGOV shall not be liable for any delays,failure to deliver,or misdirected delivery of any alert;for any errors in the content of an alert;or for any actions taken or not taken by you or any third party in reliance on an alert. NEOGOV cannot vouch for the technical capabilities of any third parties to receive such text messages.To the extent you utilize text messaging features, NEOGOV shall not be responsible for your use of such features,and you shall indemnify NEOGOV with respect to any damages resulting from your use including but not limited any violations of applicable law. NEOGOV MAKES NO WARRANTIES OR REPRESENTATIONS OF ANY KIND,EXPRESS,STATUTORY,OR IMPLIED AS TO:(i)THE AVAILABILITY OF TELECOMMUNICATION SERVICES; (ii)ANY LOSS,DAMAGE,OR OTHER SECURITY INTRUSION OF THE TELECOMMUNICATION SERVICES;AND(iii)ANY DISCLOSURE OF INFORMATION TO THIRD PARTIES OR FAILURE TO TRANSMIT ANY DATA, COMMUNICATIONS, OR SETTINGS CONNECTED WITH THE SERVICES. 18. Publicity. Unless otherwise provided in the applicable Order Form, NEOGOV may identify Customer as one of its customers and use Customer's logo for such purposes, subject to any trademark usage requirements specified by Customer. 19. Force Majeure.Except for Customer's payment obligations to NEOGOV,neither party shall be liable for any damages, costs, expenses or other consequences incurred by the other party or by any other person or entity for any act, circumstance, event, impediment or occurrence beyond such party's reasonable control, including,without limitation: (a)acts of God;(b)changes in or in the interpretation of any law,rule,regulation or ordinance;(c)strikes,lockouts or 8 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDMS N EOGOV Digital Management Software other labor problems;(d)transportation delays; (e)unavailability of supplies or materials;(f)fire or explosion;(g)riot, pandemic,military action or usurped power; (h)actions or failures to act on the part of a governmental authority; (i) internet service interruptions or slowdowns, vandalism or cyber-attacks, or 0) any other cause beyond the reasonable control of such party. 20. Independent Contractor,No Third Party Beneficiary;Fulfillment Partners.The relationship of the parties shall be deemed to be that of an independent contractor and nothing contained herein shall be deemed to constitute a partnership between or a joint venture by the parties hereto or constitute either party the employee or agent of the other. Customer acknowledges that nothing in this Agreement gives Customer the right to bind or commit NEOGOV to any agreements with any third parties. This Agreement is not for the benefit of any third party and shall not be deemed to give any right or remedy to any such party whether referred to herein or not.NEOGOV may designate any third-party affiliate,or other agent or subcontractor(each a"Fulfillment Partner"),without notice to, or the consent of, Customer,to perform such tasks and functions to complete any Services. 21. Entire Agreement;Amendment;Addendum.This Services Agreement,the Exhibits hereto,each Addendum(as may be applicable pursuant to the terms therein) and documents incorporated herein,the applicable Order Form, and Special Conditions (if any) constitute the entire agreement between the parties with respect to the subject matter hereof and supersede all prior or contemporaneous oral and written statements of any kind whatsoever made by the parties with respect to such subject matter. It is expressly agreed that the terms of this Agreement and any NEOGOV Order Form shall supersede the terms in any non-NEOGOV purchase order or other ordering document. Notwithstanding the foregoing,any conflict of terms shall be resolved by giving priority in accordance with the following order: 1)Special Conditions(if any),2)NEOGOV Order Form, 3)the NEOGOV Services Agreement, and 4) incorporated documents (including the Exhibits and each applicable Addendum). This Agreement supersedes the terms and conditions of any clickthrough agreement associated with the Services.This Agreement may not be modified or amended(and no rights hereunder may be waived)except through a written instrument signed by the parties to be bound. If you are subscribing for the HRIS or PowerEngage Platform,you hereby specifically agree to the terms of the applicable Addendum set forth on the NEOGOV Site. 22. General. a) Governing Law and Venue.This Agreement shall be governed by and construed in accordance with the laws of the state of California,without giving effect to conflict of law rules. Any legal action or proceeding relating to this Agreement shall be instituted only in any state or federal court in Los Angeles,California. b) Severability.If any provision of this Agreement is held to be illegal or unenforceable,such provision shall be limited or eliminated to the minimum extent necessary so that the remainder of this Agreement will continue in full force and effect.Provisions that survive termination or expiration are those relating to,without limitation, accrued rights to payment,acknowledgements and reservations of proprietary rights,confidentiality obligations,warranty disclaimers, and limitations of liability,and others which by their nature are intended to survive. c) Notices.All notices or other communications required or permitted hereunder shall be in writing and shall be deemed to have been duly given either when personally delivered, one(1)business day following delivery by recognized overnight courier or electronic mail, or three (3) business days following deposit in the U.S. mail, registered or certified,postage prepaid,return receipt requested. All such communications shall be sent to (i) Customer at the address set forth in the Order Form and(ii)NEOGOV at the address specified in the applicable Order Form. d) Waiver.The waiver,express or implied,by either party of any breach of this Agreement by the other party will not waive any subsequent breach by such party of the same or a different kind.This Agreement may be executed in two or more counterparts,each of which will be deemed an original,but all of which taken together shall constitute one and the same instrument. e) Electronic Delivery. Delivery of a copy of this Agreement or an Order Form bearing an original signature by electronic mail or by any other electronic means will have the same effect as physical delivery of the paper document bearing the original signature. f) Assignment.Customer may not assign this Agreement without the express written approval of NEOGOV Any attempt at assignment in violation of this Section shall be null and void. g) Construction.The parties intend this Agreement to be construed without regard to any presumption or rule requiring construction or interpretation against the party drafting an instrument or causing any instrument to be drafted. The exhibits,addendum,schedules,attachments,and appendices referred to herein are an integral part of this Agreement to the same extent as if they were set forth verbatim herein. 9 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF IIM NmerDMS NEOGOV Digital Manageinei�t Sn"tvm r A NEOGOV Lemp-W h) Subcontractors. For purposes of this Agreement, including any subsequent documentation requested by Customer pursuant to this Agreement, subcontractors are those specifically hired to provide to NEOGOV some or all of the services that are the subject of this Agreement and who will have access to Customer personal data, and does not include the general provision of services or utilities which are also provided to NEOGOV's other customers as well as Customer. IN WITNESS WHEREOF,the parties have caused this Agreement to be executed by their respective duly authorized officers as of the date set forth below,and consent to the Agreement. Customer GovermentJobs.com,Inc.(DB/A/NEOGOV),on behalf of itself and its subsidiaries PowerDMS,Inc.,Cuehit,Inc., Ragnasoft LLC(DB/A/P1anIT Schedule),and Design PD, LLC DB/A A enc 360 Entity Name: City Of Kent DocuSigned by: 9114A Pviws Signature: Signature: zos aDanscsoass... Print Name: Dana Ralph Print Name: Amy Prins Date: 08/05/2024 Date: 7/25/2024 1 3:21:04 PM PDT 10 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDM S NEOGOV Digital Management 5oftwar, R HEflCOY CanP�+Y Exhibit A Government Customer Addendum If Customer is a Government Customer,the following Government Customer Addendum("Government Addendum")forms part of the Services Agreement,and in the case of any conflict or inconsistency between the terms and provisions of this Addendum and any other provision of the Services Agreement,the terms of this Government Addendum shall control. For purposes hereof,a "Government Customer" means a Customer which is a (a) U.S. Federal agency, (b) state government, agency, department, or political subdivision(including a city,county or municipal corporation),or(c)instrumentality of any of the foregoing(including a municipal hospital or municipal hospital district,police or fire department,public library,park district,state college or university, Indian tribal economic development organization,or port authority). 1. Applicability. The provisions of this Addendum shall apply only if Customer is a Government Customer under the Services Agreement. 2. Termination for Non-Appropriation of Funds. If Customer is subject to federal, state or local law which makes Customer's financial obligations under this Services Agreement contingent upon sufficient appropriation of funds by the applicable legislature(or other appropriate governmental body),and if such funds are not forthcoming or are insufficient due to failure of such appropriation, then Customer will have the right to terminate the Services Agreement at no additional cost and with no penalty by giving prior written notice documenting the lack of funding.Customer will provide at least thirty (30) days advance written notice of such termination. Customer will use reasonable efforts to ensure appropriated funds are available.It is expressly agreed that Customer shall not activate this non-appropriation provision for its convenience or to circumvent the requirements of this Agreement,but only as an emergency fiscal measure during a substantial fiscal crisis,which affects generally its fiscal operations. If Customer terminates the Services Agreement under this Section 21 Customer agrees not to replace the Services with functionally similar products or services for a period of one year after the termination of the Services Agreement. 3. Indemnification. If Customer is prohibited by federal,state or local law from agreeing to hold harmless or indemnify third parties,Section 14(a)and the indemnification provision included in Section 17 of the Services Agreement shall not apply to Customer,to the extent disallowed by applicable law. 4. Open Records.If the Customer is subject to federal or state public records laws,including laws styled as open records, freedom of information,or sunshine laws("Open Records Laws")the confidentiality requirements of Section 12 of the Services Agreement apply only to the extent permitted by Open Records Laws applicable to the Customer.This Section is not intended to be a waiver of any of the provisions of the applicable Open Records Laws,including,without limitation, the requirement for the Customer to provide notice and opportunity for NEOGOV to assert an exception to disclosure requirements in accordance with the applicable Open Records laws. 5. Cooperative Purchasing. As permitted by law,it is understood and agreed by Customer and NEOGOV that any(i) federal,state,local,tribal,or other municipal government(including all administrative agencies,departments,and offices thereof);(ii)any business enterprise in which a federal,state,local,tribal or other municipal entity has a full,majority, or other controlling interest; and/or (iii) any public school (including without limitation K-12 schools, colleges, universities,and vocational schools)(collectively referred to as the"New Entity")may purchase the Services specified herein in accordance with the terms and conditions of this Agreement. It is also understood and agreed that each New Entity will establish its own contract with NEOGOV,be invoiced therefrom and make its own payments to NEOGOV in accordance with the terms of the contract established between the New Entity and NEOGOV. With respect to any purchases by a New Entity pursuant to this Section, Customer: (i) shall not be construed as a dealer, re-marketer, representative, partner or agent of any type of NEOGOV, or such New Entity; (ii) shall not be obligated, liable or responsible for any order made by New Entities or any employee thereof under the agreement or for any payment required to be made with respect to such order; and(iii) shall not be obliged, liable or responsible for any failure by any New Entity to comply with procedures or requirements of applicable law or to obtain the due authorization and approval necessary to purchase under the agreement. Termination of this Agreement shall in no way limit NEOGOV from soliciting,entering into,or continuing a contractual relationship with any New Entity.Any New Entity who purchases Services under this Section hereby represents that is has the authority to use this Services Agreement for the purchase and that the use of the Services Agreement for the purchase is not prohibited by law or procurement regulations applicable to the New Entity. 6. Subcontractors. For purposes of this Agreement, including any subsequent documentation requested by Customer pursuant to this Agreement, the term "subcontractors" shall exclude subcontractors (i)who perform routine software development and maintenance services which are not specific to the Customer,(ii)subcontractors who will not have any 11 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDMS NE l n 1GOVDigital Management Software V R NEMOV Cww" access to Customer Data, and (iii) subcontractors who have access to Customer Data solely within NEOGOV's or Customer's systems. 12 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDM S NEOGOV Digital Management 5ottwar, R HEflC0Y CanP�+Y Exhibit B Integration Terms Addendum NEOGOV offers integrations and platform APIs for integrations to third party systems("Integration Services"). Customer may use only those Integration Services purchased or subscribed to as listed within the NEOGOV Order Form. The following terms(the"Integration Terms Addendum")shall apply to the extent that Customer utilizes a system integration between the Services and either: (a) an affiliated integrated service, including those found at hops://api.neogov.com/connect/marketplace.html and/or hops://gpidocs.powerdms.com("Affiliated API") or to the extent that Customer utilizes a system integration between the Services and an unaffiliated third-party service ("Customer Application")integrated using NEOGOV's open API("Open API"). Integration Services are not available for HRIS Services and this Exhibit B shall not apply to HRIS Services. 1. Provision of Integrations. tions. Subject to and conditioned on compliance with all terms and conditions set forth in this Agreement,NEOGOV hereby grants Customer a limited,revocable,non-exclusive,non-transferable,non-sublicensable license during the applicable Term to use and/or access the Affiliated API as described in this Agreement,or the Open API for communication between Customer's human resource related third application(s) that will interoperate with NEOGOV Services(collectively these uses shall be referred to as the"API"or"Integration").Customer acknowledges there are no implied licenses granted under this Agreement.NEOGOV reserves all rights that are not expressly granted. Customer may not use the API for any other purpose without our prior written consent.Customer may not share the API with any third party,must keep the API and all log-in information secure,and must use the API key as Customer sole means of accessing the API. 2. Integration Intellectual Property.All right,title,and interest in the API and any and all information,data,documents, materials,inventions,technologies,know-how,descriptions,requirements,plans,reports,works,intellectual property, software, hardware, systems, methods, processes, and inventions, customizations,enhancements, improvements and other modifications based on or derived from the API are and will remain,as appropriate,with NEOGOV.All right,title, and interest in and to the third-party materials,includingall intellectual property rights therein,are and will remain with their respective third-party rights holders subject to the terms and conditions of the applicable third-party license agreements.Customer has no right or license with respect to any third-party materials except as expressly licensed under such third-party license agreements. 3. Integration Terms of Use.Except as expressly authorized under this Agreement,you may not remove any proprietary notices from the API;use the API in any manner or for any purpose that infringes,misappropriates,or otherwise violates any intellectual property rightor other right of any person,or that violates any applicable law;combine or integrate the API with any software, technology, services, or materials not authorized by NEOGOV; design or permit Customer Application(s) to disable, override, or otherwise interfere with any NEOGOV-implemented communications to end users, consent screens, user settings, alerts, warning, or the like; use the API in any of Customer Application(s)to replicate or attempt to replace the user experience of the Services;or attempt to cloak or conceal Customer identity or the identity of Customer Application(s)when requesting authorization to use the API. 4. Customer Integration Responsibilities. Customer,Customer developed web or other software services or applications, and Customer third-party vendors that integrate with the API(collectively the"Customer Applications"),shall comply with all terms and conditions of this Agreement,all applicable laws,rules,and regulations,and all guidelines,standards, and requirements that may be posted on https://api.neogov.com/connect/index.html and/or hgps:HUidoes.powerdms.com from time to time.In addition,Customer will not use the API in connection with or to promote any products,services,or materials that constitute,promote,or are used primarily for the purpose of dealing in spyware,adware,or other malicious programs or code,counterfeit goods,items subject to U.S.embargo,unsolicited mass distribution of email("spam"),multi-level marketing proposals,hate materials,hacking, surveillance, interception, or descrambling equipment,libelous,defamatory,obscene,pornographic,abusive,or otherwise offensive content,stolen products,and items used for theft,hazardous materials,or any illegal activities. 5. Cooperation.If applicable,Customer shall timely provide such cooperation,assistance,and information as NEOGOV reasonably requests to enable the API.NEOGOV is not responsible or liable for any late delivery or delay or failure of performance caused in wholeor in part by Customer's delay in performing,or failure to perform,any of its obligations under this Agreement.NEOGOV will provide Customer maintenance and support services for API issues arising from the information technology designed,developed,and under then current control of NEOGOV.NEOGOV shall have no obligation to provide maintenance or support for issues arising from the inaction or action of Customer or third parties of which are outside NEOGOV control. 6. Provision of Open API.In the event license fees or other payments are not due in exchange for the right to use and access the Open API,you acknowledge and agree that this arrangement is made in consideration of the mutual covenants set forth 13 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF r ` �TM P(bwerDMS N E l , V Digital Management Softwarc VVV ��»,III A NEaaov ca wwy in this Agreement,including,without limitation,the disclaimers,exclusions,and limitations of liability set forth herein. Notwithstanding the foregoing,NEOGOV reserves the right to charge for access with effect from the start of each Renewal Term by giving Customer at least ninety(90)day notice prior to commencement of a Renewal Term. 7. API Key.In order to use and access the Open API,you must obtain an Open API key through the registration process. Customer agrees to monitor Customer Applications for any activity that violates applicable laws,rules and regulation,or any terms and conditions of this Agreement,including any fraudulent, inappropriate, or potentially harmful behavior. This Agreement does not entitle Customer to any support for the Open API. You acknowledge that NEOGOV may update or modify the Open API from time to time and at our sole discretion and may require you to obtain and use the most recent version(s). You are required to make any such changes to Customer Applications that are required for integration as a result of such Update at Customer sole cost and expense.Updates may adversely affect how Customer Applications communicate with the Services. 8. Efficient Processing.You must use efficient programming,which will not cause an overwhelming number of requests to be made in too short a period of time,as-determined solely by NEOGOV.If this occurs,NEOGOV reserves the right to throttle your API connections,or suspend or terminate your access to the Open API. NEOGOV shall use reasonable efforts to provide Customer notice and reasonable time to cure prior to taking such actions. 9. Oven API Limitations. TO THE FULLEST EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT WILL NEOGOV BE LIABLE TO CUSTOMER OR TO ANY THIRD PARTY UNDER ANY TORT,CONTRACT, NEGLIGENCE,STRICT LIABILITY,OR OTHER LEGAL OR EQUITABLE THEORY FOR ANY DIRECT,LOST PROFITS, LOST OR CORRUPTED DATA, COMPUTER FAILURE OR MALFUNCTION, INTERRUPTION OF BUSINESS, OR OTHER SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING OUT OF THE USE OR INABILITY TO USE THE OPEN API; OR ANY DAMAGES, IN THE AGGREGATE, IN EXCESS OF FIFTY DOLLARS, EVEN IF NEOGOV HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGES AND WHETHER OR NOT SUCH LOSS OR DAMAGES ARE FORESEEABLE OR NEOGOV WAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.ANY CLAIM YOU MAY HAVE ARISING OUT OF OR RELATING TO THIS AGREEMENT MUST BE BROUGHT WITHIN ONE YEAR AFTER THE OCCURRENCE OF THE EVENT GIVING RISE TO SUCH CLAIM. 10. Oven API Termination. Notwithstanding the additional Termination rights herein, NEOGOV may immediately terminate or suspend Customer access to Open APIs in our sole discretion at any time and for any reason,with or without notice or cause. In addition, your Open API subscription will terminate immediately and automatically without any notice if you violate any of the terms and conditions of this Agreement. 14 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Data Processing Addendum This Data Processing Addendum ("DPA") supplements and forms part of the NEOGOV Services Agreement or other written or electronic agreement between NEOGOV and Customer for the purchase of online services from NEOGOV (hereinafter defined as "Services") (the "Services Agreement"). Any references to the Services Agreement will be construed as including this DPA. All capitalized terms not defined herein shall have the meaning given to them in the Services Agreement. 1. DEFINITIONS "Affiliate"means any entity that directly or indirectly controls, is controlled by,or is under common control with the subject entity. "Control,"for purposes of this definition, means direct or indirect ownership or control of more than 50%of the voting interests of the subject entity. "Controller"means the entity which determines the purposes and means of the Processing of Personal Data. "Data Protection Laws and Regulations"means,to the extent applicable: (a)the UK Data Protection Act 2018 and UK General Data Protection Regulation 2021 ("UK GDPR"); (b) Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("General Data Protection Regulation"or"GDPR");(c)the California Consumer Privacy Act of 2018,California Civil Code § 1798.100 et seq., including its effective amendments and regulations thereto ("California Consumer Privacy Act"or"CCPA"); (d)the Swiss Federal Act on the Protection of Data("FAPD")and (e)any other legally-binding data protection laws, rules, regulations, or implementing legislation applicable to NEOGOV's processing of Customer Personal Data, in eachcase, to the extent applicable to NEOGOV's Processing of Personal Data under the Services Agreement. "Data Subject"means,as applicable the identified or identifiable natural person to whom Personal Data relates as defined by Data Protection Laws and Regulations. "NEOGOV Group" means NEOGOV and its Affiliates engaged in the Processing of Personal Data under the Services Agreement. "Personal Data" means any information relating to an identified or identifiable Data Subject where such information is provided to Processor by or on behalf of Controller, and maintained on behalf of, Controller by Processor within its Services environment, and is the type of information protected as "personal data" under Data Protection Laws and Regulations. "Processing" means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. "Processor"means the entity which Processes Personal Data on behalf of the Controller. "Standard Contractual Clauses" means the standard contractual clauses for Processors annexed to the European Commission's decision (EU)2021/914 of June 4 2021, as may be amended, updated, superseded or replaced from time to time for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection. "Sub-processor"means any Processor directly contracted by NEOGOV or a member of the NEOGOV Group to help NEOGOV provide the Services under the Services Agreement. "Supervisory Authority" means an independent public authority which is established by an EU Member State pursuant to the GDPR. 2. Processing of Personal Data. To the extent NEOGOV Processes Personal Data on behalf of Customerin connection with the Services Agreement,it shall do so in accordance with the requirements of the Data Protection Laws and Regulations directlyapplicable to NEOGOV in the provision of its Services under the Services Agreement. The parties agree thatwith regard to the Processing of Personal Data by NEOGOV on behalf of Customer, Customer is the Controller, NEOGOV is the Processor and that NEOGOV and/or members of the NEOGOV Group will engage Sub-processors. 1 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF 3. Customer Responsibilities. When using the Services, Customer shall Process Personal Data in accordance with Data Protection Laws and Regulations, including maintaining lawful basis (e.g., consent) and rights to use and provide Personal Data, as part of Customer Data. Customer's instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations and NEOGOV's Processing of Persona Data shall not cause NEOGOV to violate Data Protection Laws and Regulations. For avoidance of doubt, deidentified data is not considered Personal Data. Customer is solely responsible for the accuracy, quality, and legality of Personal Data. Customer will: (i) maintain a clear and conspicuous privacy policy that discloses the data collection and usage(including third party tracking technologies)resulting from the services and that complies with Data Protection Laws and Regulations, provided that the privacy policy will not need to expressly identify the services unless otherwise required by Data Protection Laws and Regulations; and (ii) honor all individual rights and opt-out requests as required by applicable Data Protection Laws and Regulations. 4. NEOGOV's Responsibilities. NEOGOV shall treat Customer's Personal Data in a confidential manner, and shall only Process Personal Data for the following purposes: (i) Processing in accordance with the Services Agreement and applicable Order Form(s); (ii) Processing initiated by users in their use of the Services; and (iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email)where such instructions are consistent with the terms of the Services Agreement. NEOGOV shall not "Sell" Personal Data or "Share" Personal Data for purposes of "Cross-Context Behavioral Advertising" (as such terms are defined in the CCPA). NEOGOV shall not retain, use, or disclose Personal Data (i)for any purpose other than business purposes specified herein (including retaining, using or disclosing the Personal Data for a commercial purpose other than the business purpose specified herein)or as otherwise permitted by the CCPA or (ii) outside of the direct business relationship between Customer and NEOGOV. NEOGOV certifies that it understands the restrictions described in this Section 4 and will comply with them in accordance with the CCPA. 5. Data Protection Impact Assessments. If, pursuant to Data Protection Laws and Regulations, Customer is required to perform a data protection impact assessment (or prior consultation with a regulator having appropriate jurisdiction), upon Customer's request, NEOGOV shall provide such relevant written documentation as is made available by NEOGOV pursuant to this DPA and the Services Agreement. Any additional assistance, should the written documentation specified in this Section be deemed insufficient, shall be subject to written agreement between the parties. 6. Data Subject Requests. If NEOGOV receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure, data portability, object to the Processing, or its right not to be subject to an automated individual decision making (a "Data Subject Request"), NEOGOV shall notify Customer or direct such Data Subject to Customer. NEOGOV shall assist Customer by appropriate technical and organizational measures, as is technically feasible and commercially reasonable, for the fulfilment of Customer's obligation to respond to a Data Subject Request under Data Protection Laws and Regulation. 7. Security. NEOGOV shall implement and maintain appropriate technical and organizational measures designed for protection of the security, confidentiality and integrity of Customer Data, taking into account the nature, scope, context, purpose of processing, and costs of implementation. NEOGOV regularly monitors compliance with these measures and will not materially decrease the overall security of the Services during a subscription term under the applicable Order Form and the Services Agreement. 8. Sub-Processors; Objection. Customer acknowledges that: (a) NEOGOV's Affiliates may be retained as Sub- processors;and(b)NEOGOV and its Affiliates may engage third-party Sub-processors in connection with the provision and operation of the Services under the Services Agreement. Sub-processors used as of the date of this DPA are specified in Annex III of Schedule 1 attached to this DPA. Prior to engaging any third-party Sub- processors, NEOGOV or a NEOGOV Affiliate shall carry out appropriate due diligence on each Sub-processor and enter into a written agreement with each Sub-processor containing data protection obligations substantially similar to those in this Services Agreement with respect to the protection of Customer Data to the extent applicable to the nature of the Services provided by such Sub-processor. Customer may in good faith reasonably object to NEOGOV's use of a new Sub-processor by notifying NEOGOV promptly in writing within ten (10)days after NEOGOV's notice. Such notice shall explain the Customer's good faith, reasonable grounds for the objection. In the event Customer objects to a new Sub-processor, NEOGOV will use commercially reasonable efforts to make available to Customer a change in the Services or recommend a commercially reasonable change to Customer's configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening the Customer. If the parties are unable to resolve such objection or NEOGOV is otherwise unwilling to resolve or make available such change within a reasonable period of time, Customer may terminate the applicable Order Form(s)with respect to those Services which cannot be provided by NEOGOV without the use of the objected-to new Sub- processor by providing written notice to NEOGOV. 2 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF 9. Data Transfers. a) EU Data Transfers. Customer acknowledges and agrees that Personal Data may be transferred outside European Union countries to countries recognized by the European Commission as countries where there is an adequate level of protection as updated from time to time("Authorized Location"). During the term of the Services Agreement,the parties shall comply with the terms and conditions of the Standard Contractual Clauses (Controller to Processor,a current copy is attached hereto as Schedule 1, and the Standard Contractual Clauses are fully incorporated into this DPA. In the event Customer agrees to a transfer of Personal Data outside an Authorized Location, such transfer shall be subject to the execution between the Parties of the EU Standard Contractual Clauses or any other alternative mean validated by GDPR. b) UK Data Transfers. In the event of a transfer of Personal Data outside of the UK that is not to an Authorized Location,the parties agree that the EU Standard Contractual Clauses shall be read in accordance with, and deemed amended by,the provisions of Part 2 (Mandatory Clauses)of the UK International Data Transfer Agreement("IDTA"), and the Parties confirm that the information required for the purposes of Part 1 (Tables)of the UK IDTA is set out in this DPA. c) Swiss Data Transfers. In the event of a transfer of Personal Data outside of Switzerland that is not to an Authorized Location,the parties agree the EU Standard Contractual Clauses are to be understood as references to the Swiss FDAP insofar as the data transfers are subject exclusively to the Swiss FAPD and not to the GDPR. The term "member state"in the EU Standard Contractual Clauses shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c)of the EU Standard Contractual Clauses. Under Annex I(C)of the EU Standard Contractual Clauses(Competent supervisory authority): Where the transfer is subject exclusively to the Swiss FADP and not the GDPR, the supervisory authority is the Swiss Federal Data Protection and Information Commissioner; and Where the transfer is subject to both the Swiss FADP and the GDPR,the supervisory authority is the Swiss Federal Data Protection and Information Commissioner insofar as the transfer is governed by the Swiss FADP,and the supervisory authority is as set forth in the EU Standard Contractual Clauses insofar as the transfer is governed by the GDPR. d) Other Data Transfer Mechanism. For the avoidance of doubt,should the transfer mechanism specified in this Section 9 be deemed invalid by a regulator or court with applicable authority,the parties shall endeavor in good faith to negotiate an alternative mechanism(if available)to permit the continued transfer of Personal Data. 10. Data Export; Deletion. Upon written request, NEOGOV shall return Customer Data or direct Customer to self- service export, if available and subject to technical feasibility, and/or,to the extent allowed by Data Protection Laws and Regulations or legal obligation, to protect its rights, or copies held in its back up systems solely for disaster recovery systems, delete and make irretrievable Customer Data. 11. Incident Notice. NEOGOV maintains incident management policies and procedures, and shall notify Customer,without undue delay, of any breach of its security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data in connection with NEOGOV's provision of Services under the Services Agreement and of which NEOGOV becomes aware and which requires notification to be made to Customer, a Supervisory Authority and/or Data Subject under Data Protection Laws and Regulations (a "Breach Incident"). "Breach Incident(s)" will not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful log-in attempts, and other network attacks on firewalls or networked systems. NEOGOV shall make reasonable efforts to identify the cause of such Breach Incident and take those steps as NEOGOV deems necessary and reasonable in order to remediate the cause of such a Breach Incident to the extent the remediation is within NEOGOV's reasonable control. Additionally, upon request, NEOGOV shall provide Customer with relevant information about the Breach Incident, as reasonably required to assist the Customer in ensuring Customer's compliance with its own obligations under Data Protection Laws and Regulations to notify any Supervisory Authority or Data Subject in the event of a Breach Incident.The obligations herein shall not apply to incidents that are caused by Customer or Customer's users or any non-NEOGOV products or services. 12. Liability Limits. Each party's and all of its Affiliates' liability, in the aggregate, arising out of or related to this DPA and NEOGOV, whether in contract,tort or under any other theory of liability, is subject to the 'Limitation of Liability' section of the Services Agreement, and any reference to the liability of a party means the total liability of that party and all of its Affiliates under the Services Agreement and all DPAs together. 13. Legal Effect and Conflict. This DPA shall become legally binding between Customer and NEOGOV upon execution of the Services Agreement. Once effective,this DPA shall be incorporated into and form part of the 3 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Services Agreement or applicable Order Form. For matters not addressed under this DPA, the terms of the Services Agreement apply. In the event of a conflict between the terms of the Services Agreement and this DPA, the terms of this DPA will control. In the event of a conflict between the terms of the DPA and the Standard Contractual Clauses,the Standard Contractual Clauses will control. 14. List of Schedules: Schedule 1:Standard Contractual Clauses 4 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Schedule 1 -Standard Contractual Clauses EUROPEAN COMMISSION Brussels, 4.6.2021 C(2021)3972 final ANNEX ANNEX STANDARD CONTRACTUAL CLAUSES SECTION I Clause 1 Purpose and scope a. The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU)2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation)' for the transfer of personal data to a third country. b. The Parties: i. the natural or legal person(s), public authority/ies, agency/ies or other body/ies (hereinafter "entity/ies")transferring the personal data, as listed in Annex I.A. (hereinafter each "data exporter"), and ii. the entity/ies in a third country receiving the personal data from the data exporter, directly or indirectly via another entity also Party to these Clauses, as listed in Annex I.A. (hereinafter each"data importer') have agreed to these standard contractual clauses(hereinafter:"Clauses"). c. These Clauses apply with respect to the transfer of personal data as specified in Annex I.B. d. The Appendix to these Clauses containing the Annexes referred to therein forms an integral part of these Clauses. Clause 2 Effect and invariability of the Clauses a. These Clauses set out appropriate safeguards, including enforceable data subject rights and effective legal remedies, pursuant to Article 46(1)and Article 46 (2)(c)of Regulation (EU)2016/679 and,with respect to data transfers from controllers to processors and/or processors to processors, standard contractual clauses pursuant to Article 28(7)of Regulation (EU)2016/679, provided they are not modified, except to select the appropriate Module(s)or to add or update information in the Appendix. This does not prevent the Parties from including the standard contractual clauses laid down in these Clauses in a wider contract and/or to add other clauses or additional safeguards, provided that they do not contradict, directly or indirectly,these Clauses or prejudice the fundamental rights or freedoms of data subjects. b. These Clauses are without prejudice to obligations to which the data exporter is subject by virtue of Regulation (EU)2016/679. Clause 3 Third-party beneficiaries a. Data subjects may invoke and enforce these Clauses, as third-party beneficiaries, against the data exporter and/or data importer,with the following exceptions: i. Clause 1, Clause 2, Clause 3, Clause 6, Clause 7; ii. Clause 8-Module Two: Clause 8.1(b), 8.9(a), (c), (d)and (e); iii. Clause 9-Module Two: Clause 9(a), (c), (d)and (e); iv. Clause 12-Module Two: Clause 12(a), (d)and (f); 5 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF V. Clause 13; vi. Clause 15.1(c), (d)and (e); vii. Clause 16(e); viii. Clause 18-Module Two: Clause 18(a)and(b); b. Paragraph (a)is without prejudice to rights of data subjects under Regulation (EU)2016/679. Clause 4 Interpretation a. Where these Clauses use terms that are defined in Regulation (EU)2016/679,those terms shall have the same meaning as in that Regulation. b. These Clauses shall be read and interpreted in the light of the provisions of Regulation (EU)2016/679. c. These Clauses shall not be interpreted in a way that conflicts with rights and obligations provided for in Regulation (EU)2016/679. Clause 5 Hierarchy In the event of a contradiction between these Clauses and the provisions of related agreements between the Parties, existing at the time these Clauses are agreed or entered into thereafter, these Clauses shall prevail. Clause 6 Description of the transfer(s) The details of the transfer(s), and in particular the categories of personal data that are transferred and the purpose(s)for which they are transferred, are specified in Annex I.B. Clause 7-Optional Docking clause a. An entity that is not a Party to these Clauses may,with the agreement of the Parties, accede to these Clauses at any time, either as a data exporter or as a data importer, by completing the Appendix and signing Annex I.A. b. Once it has completed the Appendix and signed Annex I.A,the acceding entity shall become a Party to these Clauses and have the rights and obligations of a data exporter or data importer in accordance with its designation in Annex I.A. c. The acceding entity shall have no rights or obligations arising under these Clauses from the period prior to becoming a Party. SECTION II—OBLIGATIONS OF THE PARTIES Clause 8 Data protection safeguards The data exporter warrants that it has used reasonable efforts to determine that the data importer is able, through the implementation of appropriate technical and organisational measures,to satisfy its obligations under these Clauses. MODULE TWO: Transfer controller to processor 8.1 Instructions a. The data importer shall process the personal data only on documented instructions from the data exporter. The data exporter may give such instructions throughout the duration of the contract. b. The data importer shall immediately inform the data exporter if it is unable to follow those instructions. 6 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF 8.2 Purpose limitation The data importer shall process the personal data only for the specific purpose(s)of the transfer, as set out in Annex 1.13, unless on further instructions from the data exporter. 8.3 Transparency On request,the data exporter shall make a copy of these Clauses, including the Appendix as completed by the Parties, available to the data subject free of charge.To the extent necessary to protect business secrets or other confidential information, including the measures described in Annex II and personal data, the data exporter may redact part of the text of the Appendix to these Clauses prior to sharing a copy, but shall provide a meaningful summary where the data subject would otherwise not be able to understand the content or exercise his/her rights. On request, the Parties shall provide the data subject with the reasons for the redactions,to the extent possible without revealing the redacted information.This Clause is without prejudice to the obligations of the data exporter under Articles 13 and 14 of Regulation (EU)2016/679. 8.4 Accuracy If the data importer becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter without undue delay. In this case, the data importer shall cooperate with the data exporter to erase or rectify the data. 8.5 Duration of processing and erasure or return of data Processing by the data importer shall only take place for the duration specified in Annex I.B. After the end of the provision of the processing services, the data importer shall, at the choice of the data exporter, delete all personal data processed on behalf of the data exporter and certify to the data exporter that it has done so, or return to the data exporter all personal data processed on its behalf and delete existing copies. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit return or deletion of the personal data,the data importer warrants that it will continue to ensure compliance with these Clauses and will only process it to the extent and for as long as required under that local law. This is without prejudice to Clause 14, in particular the requirement for the data importer under Clause 14(e)to notify the data exporter throughout the duration of the contract if it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under Clause 14(a). 8.6 Security of processing a. The data importer and, during transmission, also the data exporter shall implement appropriate technical and organisational measures to ensure the security of the data, including protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to that data (hereinafter"personal data breach"). In assessing the appropriate level of security,the Parties 7 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF shall take due account of the state of the art, the costs of implementation,the nature, scope, context and purpose(s)of processing and the risks involved in the processing for the data subjects. The Parties shall in particular consider having recourse to encryption or pseudonym isation, including during transmission, where the purpose of processing can be fulfilled in that manner. In case of pseudonym isation, the additional information for attributing the personal data to a specific data subject shall,where possible, remain under the exclusive control of the data exporter. In complying with its obligations under this paragraph, the data importer shall at least implement the technical and organisational measures specified in Annex II. The data importer shall carry out regular checks to ensure that these measures continue to provide an appropriate level of security. b. The data importer shall grant access to the personal data to members of its personnel only to the extent strictly necessary for the implementation, management and monitoring of the contract. It shall ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. c. In the event of a personal data breach concerning personal data processed by the data importer under these Clauses,the data importer shall take appropriate measures to address the breach, including measures to mitigate its adverse effects.The data importer shall also notify the data exporter without undue delay after having become aware of the breach. Such notification shall contain the details of a contact point where more information can be obtained, a description of the nature of the breach (including, where possible, categories and approximate number of data subjects and personal data records concerned), its likely consequences and the measures taken or proposed to address the breach including, where appropriate, measures to mitigate its possible adverse effects. Where, and in so far as, it is not possible to provide all information at the same time, the initial notification shall contain the information then available and further information shall, as it becomes available, subsequently be provided without undue delay. d. The data importer shall cooperate with and assist the data exporter to enable the data exporter to comply with its obligations under Regulation (EU)2016/679, in particular to notify the competent supervisory authority and the affected data subjects,taking into account the nature of processing and the information available to the data importer. 8.7 Sensitive data Where the transfer involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person's sex life or sexual orientation, or data relating to criminal convictions and offences (hereinafter"sensitive data"),the data importer shall apply the specific restrictions and/or additional safeguards described in Annex I.B. 8.8 Onward transfers The data importer shall only disclose the personal data to a third party on documented instructions from the data exporter. In addition,the data may only be disclosed to a third party located outside the European Union4(in the same country as the data importer or in another third country, hereinafter"onward transfer") if the third party is or agrees to be bound by these Clauses, under the appropriate Module, or if: i. the onward transfer is to a country benefitting from an adequacy decision pursuant to Article 45 of Regulation (EU)2016/679 that covers the onward transfer; ii. the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 Regulation of(EU) 2016/679 with respect to the processing in question; iii. the onward transfer is necessary for the establishment, exercise or defence of legal claims in the context of specific administrative, regulatory or judicial proceedings; or iv. the onward transfer is necessary in order to protect the vital interests of the data subject or of another natural person. 8 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Any onward transfer is subject to compliance by the data importer with all the other safeguards under these Clauses, in particular purpose limitation. 8.9 Documentation and compliance a. The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses. b. The Parties shall be able to demonstrate compliance with these Clauses. In particular,the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter. c. The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter's request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit,the data exporter may take into account relevant certifications held by the data importer. d. The data exporter may choose to conduct the audit by itself or mandate an independent auditor.Audits may include inspections at the premises or physical facilities of the data importer and shall,where appropriate, be carried out with reasonable notice. e. The Parties shall make the information referred to in paragraphs (b)and (c), including the results of any audits,available to the competent supervisory authority on request. Clause 9 Use of sub-processors MODULE TWO: Transfer controller to processor a. OPTION 2: GENERAL WRITTEN AUTHORISATION The data importer has the data exporter's general authorisation for the engagement of sub-processor(s)from an agreed list.The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least 10 days in advance,thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. b. Where the data importer engages a sub-processor to carry out specific processing activities(on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third- party beneficiary rights for data subjects.$The Parties agree that, by complying with this Clause,the data importer fulfils its obligations under Clause 8.8.The data importer shall ensure that the sub-processor complies with the obligations to which the data importer is subject pursuant to these Clauses. c. The data importer shall provide, at the data exporter's request, a copy of such a sub-processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy. d. The data importer shall remain fully responsible to the data exporter for the performance of the sub- processor's obligations under its contract with the data importer.The data importer shall notify the data exporter of any failure by the sub-processor to fulfil its obligations under that contract. e. The data importer shall agree a third-party beneficiary clause with the sub-processor whereby-in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent-the data exporter shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data. Clause 10 Data subject rights MODULE TWO: Transfer controller to processor 9 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF a. The data importer shall promptly notify the data exporter of any request it has received from a data subject. It shall not respond to that request itself unless it has been authorised to do so by the data exporter. b. The data importer shall assist the data exporter in fulfilling its obligations to respond to data subjects' requests for the exercise of their rights under Regulation (EU)2016/679. In this regard,the Parties shall set out in Annex II the appropriate technical and organisational measures,taking into account the nature of the processing, by which the assistance shall be provided, as well as the scope and the extent of the assistance required. c. In fulfilling its obligations under paragraphs (a)and (b), the data importer shall comply with the instructions from the data exporter. Clause 11 Redress a. The data importer shall inform data subjects in a transparent and easily accessible format, through individual notice or on its website, of a contact point authorised to handle complaints. It shall deal promptly with any complaints it receives from a data subject. MODULE TWO: Transfer controller to processor b. In case of a dispute between a data subject and one of the Parties as regards compliance with these Clauses,that Party shall use its best efforts to resolve the issue amicably in a timely fashion. The Parties shall keep each other informed about such disputes and,where appropriate, cooperate in resolving them. c. Where the data subject invokes a third-party beneficiary right pursuant to Clause 3,the data importer shall accept the decision of the data subject to: i. lodge a complaint with the supervisory authority in the Member State of his/her habitual residence or place of work,or the competent supervisory authority pursuant to Clause 13; ii. refer the dispute to the competent courts within the meaning of Clause 18. d. The Parties accept that the data subject may be represented by a not-for-profit body, organisation or association under the conditions set out in Article 80(1)of Regulation (ELI)2016/679. e. The data importer shall abide by a decision that is binding under the applicable EU or Member State law. f. The data importer agrees that the choice made by the data subject will not prejudice his/her substantive and procedural rights to seek remedies in accordance with applicable laws. Clause 12 Liability MODULE TWO: Transfer controller to processor a. Each Party shall be liable to the other Party/ies for any damages it causes the other Party/ies by any breach of these Clauses. b. The data importer shall be liable to the data subject, and the data subject shall be entitled to receive compensation, for any material or non-material damages the data importer or its sub-processor causes the data subject by breaching the third-party beneficiary rights under these Clauses. c. Notwithstanding paragraph(b), the data exporter shall be liable to the data subject, and the data subject shall be entitled to receive compensation,for any material or non-material damages the data exporter or the data importer(or its sub-processor)causes the data subject by breaching the third-party beneficiary rights under these Clauses. This is without prejudice to the liability of the data exporter and,where the data exporter is a processor acting on behalf of a controller, to the liability of the controller under Regulation (EU)2016/679 or Regulation (EU)2018/1725, as applicable. d. The Parties agree that if the data exporter is held liable under paragraph (c)for damages caused by the data importer(or its sub-processor), it shall be entitled to claim back from the data importer that part of the compensation corresponding to the data importer's responsibility for the damage. e. Where more than one Party is responsible for any damage caused to the data subject as a result of a breach of these Clauses, all responsible Parties shall be jointly and severally liable and the data subject is entitled to bring an action in court against any of these Parties. f. The Parties agree that if one Party is held liable under paragraph (e), it shall be entitled to claim back from the other Party/ies that part of the compensation corresponding to its/their responsibility for the damage. g. The data importer may not invoke the conduct of a sub-processor to avoid its own liability. 10 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Clause 13 Supervision MODULE TWO: Transfer controller to processor a. Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of Regulation (EU)2016/679 in accordance with its Article 3(2)without however having to appoint a representative pursuant to Article 27(2)of Regulation (EU)2016/679: The supervisory authority of one of the Member States in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located, as indicated in Annex I.C, shall act as competent supervisory authority. b. The data importer agrees to submit itself to the jurisdiction of and cooperate with the competent supervisory authority in any procedures aimed at ensuring compliance with these Clauses. In particular, the data importer agrees to respond to enquiries, submit to audits and comply with the measures adopted by the supervisory authority, including remedial and compensatory measures. It shall provide the supervisory authority with written confirmation that the necessary actions have been taken. SECTION III—LOCAL LAWS AND OBLIGATIONS IN CASE OF ACCESS BY PUBLIC AUTHORITIES Clause 14 Local laws and practices affecting compliance with the Clauses MODULE TWO: Transfer controller to processor a. The Parties warrant that they have no reason to believe that the laws and practices in the third country of destination applicable to the processing of the personal data by the data importer, including any requirements to disclose personal data or measures authorising access by public authorities, prevent the data importer from fulfilling its obligations under these Clauses. This is based on the understanding that laws and practices that respect the essence of the fundamental rights and freedoms and do not exceed what is necessary and proportionate in a democratic society to safeguard one of the objectives listed in Article 23(1)of Regulation (EU)2016/679, are not in contradiction with these Clauses. b. The Parties declare that in providing the warranty in paragraph (a),they have taken due account in particular of the following elements: i. the specific circumstances of the transfer, including the length of the processing chain,the number of actors involved and the transmission channels used; intended onward transfers; the type of recipient;the purpose of processing;the categories and format of the transferred personal data; the economic sector in which the transfer occurs;the storage location of the data transferred; ii. the laws and practices of the third country of destination—including those requiring the disclosure of data to public authorities or authorising access by such authorities—relevant in light of the specific circumstances of the transfer, and the applicable limitations and safeguards12; iii. any relevant contractual, technical or organisational safeguards put in place to supplement the safeguards under these Clauses, including measures applied during transmission and to the processing of the personal data in the country of destination. c. The data importer warrants that, in carrying out the assessment under paragraph (b), it has made its best efforts to provide the data exporter with relevant information and agrees that it will continue to cooperate with the data exporter in ensuring compliance with these Clauses. d. The Parties agree to document the assessment under paragraph (b)and make it available to the competent supervisory authority on request. e. The data importer agrees to notify the data exporter promptly if, after having agreed to these Clauses and for the duration of the contract, it has reason to believe that it is or has become subject to laws or practices not in line with the requirements under paragraph (a), including following a change in the laws of the third country or a measure (such as a disclosure request)indicating an application of such laws in practice that is not in line with the requirements in paragraph (a). The data exporter shall forward the notification to the controller. f. Following a notification pursuant to paragraph (e),or if the data exporter otherwise has reason to believe that the data importer can no longer fulfil its obligations under these Clauses,the data exporter shall promptly identify appropriate measures(e.g.technical or organisational measures to ensure security and confidentiality)to be adopted by the data exporter and/or data importer to address the situation, if appropriate in consultation with the controller. 11 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF g. The data exporter shall suspend the data transfer if it considers that no appropriate safeguards for such transfer can be ensured, or if instructed by the controller or the competent supervisory authority to do so. In this case,the data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses. If the contract involves more than two Parties,the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. Where the contract is terminated pursuant to this Clause, Clause 16(d)and(e) shall apply. Clause 15 Obligations of the data importer in case of access by public authorities MODULE TWO: Transfer controller to processor 15.1 Notification a. The data importer agrees to notify the data exporter and,where possible, the data subject promptly(if necessary with the help of the data exporter)if it: i. receives a legally binding request from a public authority, including judicial authorities, under the laws of the country of destination for the disclosure of personal data transferred pursuant to these Clauses; such notification shall include information about the personal data requested,the requesting authority, the legal basis for the request and the response provided; or ii. becomes aware of any direct access by public authorities to personal data transferred pursuant to these Clauses in accordance with the laws of the country of destination;such notification shall include all information available to the importer. The data exporter shall forward the notification to the controller. b. If the data importer is prohibited from notifying the data exporter and/or the data subject under the laws of the country of destination, the data importer agrees to use its best efforts to obtain a waiver of the prohibition,with a view to communicating as much information as possible, as soon as possible. The data importer agrees to document its best efforts in order to be able to demonstrate them on request of the data exporter. c. Where permissible under the laws of the country of destination,the data importer agrees to provide the data exporter, at regular intervals for the duration of the contract, with as much relevant information as possible on the requests received (in particular, number of requests,type of data requested, requesting authority/ies,whether requests have been challenged and the outcome of such challenges,etc.). The data exporter shall forward the information to the controller. d. The data importer agrees to preserve the information pursuant to paragraphs(a)to (c)for the duration of the contract and make it available to the competent supervisory authority on request. e. Paragraphs (a)to (c)are without prejudice to the obligation of the data importer pursuant to Clause 14(e) and Clause 16 to inform the data exporter promptly where it is unable to comply with these Clauses. 15.2 Review of legality and data minimisation a. The data importer agrees to review the legality of the request for disclosure, in particular whether it remains within the powers granted to the requesting public authority, and to challenge the request if, after careful assessment, it concludes that there are reasonable grounds to consider that the request is unlawful under the laws of the country of destination, applicable obligations under international law and principles of international comity.The data importer shall, under the same conditions, pursue possibilities of appeal.When challenging a request,the data importer shall seek interim measures with a view to suspending the effects of the request until the competent judicial authority has decided on its merits. It shall not disclose the personal data requested until required to do so under the applicable procedural rules. These requirements are without prejudice to the obligations of the data importer under Clause 14(e). b. The data importer agrees to document its legal assessment and any challenge to the request for disclosure and, to the extent permissible under the laws of the country of destination, make the documentation available to the data exporter. It shall also make it available to the competent supervisory authority on request. The data exporter shall make the assessment available to the controller. 12 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF c. The data importer agrees to provide the minimum amount of information permissible when responding to a request for disclosure, based on a reasonable interpretation of the request. SECTION IV—FINAL PROVISIONS Clause 16 Non-compliance with the Clauses and termination a. The data importer shall promptly inform the data exporter if it is unable to comply with these Clauses,for whatever reason. b. In the event that the data importer is in breach of these Clauses or unable to comply with these Clauses, the data exporter shall suspend the transfer of personal data to the data importer until compliance is again ensured or the contract is terminated. This is without prejudice to Clause 14(f). c. The data exporter shall be entitled to terminate the contract, insofar as it concerns the processing of personal data under these Clauses,where: i. the data exporter has suspended the transfer of personal data to the data importer pursuant to paragraph (b)and compliance with these Clauses is not restored within a reasonable time and in any event within one month of suspension; ii. the data importer is in substantial or persistent breach of these Clauses; or iii. the data importer fails to comply with a binding decision of a competent court or supervisory authority regarding its obligations under these Clauses. • In these cases, it shall inform the competent supervisory authority and the controller of such non- compliance. Where the contract involves more than two Parties,the data exporter may exercise this right to termination only with respect to the relevant Party, unless the Parties have agreed otherwise. d. Personal data that has been transferred prior to the termination of the contract pursuant to paragraph (c) shall at the choice of the data exporter immediately be returned to the data exporter or deleted in its entirety.The same shall apply to any copies of the data. The data importer shall certify the deletion of the data to the data exporter. Until the data is deleted or returned, the data importer shall continue to ensure compliance with these Clauses. In case of local laws applicable to the data importer that prohibit the return or deletion of the transferred personal data, the data importer warrants that it will continue to ensure compliance with these Clauses and will only process the data to the extent and for as long as required under that local law. e. Either Party may revoke its agreement to be bound by these Clauses where(i)the European Commission adopts a decision pursuant to Article 45(3)of Regulation (EU)2016/679 that covers the transfer of personal data to which these Clauses apply; or(ii)Regulation (EU)2016/679 becomes part of the legal framework of the country to which the personal data is transferred.This is without prejudice to other obligations applying to the processing in question under Regulation (EU)2016/679. Clause 17 Governing law MODULE TWO:Transfer controller to processor OPTION 1: These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights.The Parties agree that this shall be the law of Ireland (specify Member State). Clause 18 Choice of forum and jurisdiction MODULE TWO:Transfer controller to processor a. Any dispute arising from these Clauses shall be resolved by the courts of an EU Member State. b. The Parties agree that those shall be the courts of Ireland (specify Member State). c. A data subject may also bring legal proceedings against the data exporter and/or data importer before the courts of the Member State in which he/she has his/her habitual residence. d. The Parties agree to submit themselves to the jurisdiction of such courts. 13 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Where the data exporter is a processor subject to Regulation (EU)2016/679 acting on behalf of a Union institution or body as controller, reliance on these Clauses when engaging another processor(sub-processing)not subject to Regulation (EU)2016/679 also ensures compliance with Article 29(4)of Regulation (EU)2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation(EC)No 45/2001 and Decision No 1247/2002/EC (OJ L 295 of 21.11.2018, p. 39),to the extent these Clauses and the data protection obligations as set out in the contract or other legal act between the controller and the processor pursuant to Article 29(3)of Regulation (EU)2018/1725 are aligned.This will in particular be the case where the controller and processor rely on the standard contractual clauses included in Decision [...]. 2 This requires rendering the data anonymous in such a way that the individual is no longer identifiable by anyone, in line with recital 26 of Regulation (EU)2016/679, and that this process is irreversible. 3 The Agreement on the European Economic Area(EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway.The Union data protection legislation, including Regulation (EU)2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto.Therefore,any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. 4 The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway.The Union data protection legislation, including Regulation (EU)2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto.Therefore,any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses. 5 See Article 28(4)of Regulation (EU)2016/679 and, where the controller is an EU institution or body,Article 29(4)of Regulation (EU)2018/1725. 6 The Agreement on the European Economic Area(EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway.The Union data protection legislation, including Regulation (EU)2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto.Therefore,any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purposes of these Clauses. This includes whether the transfer and further processing involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the 14 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF purpose of uniquely identifying a natural person, data concerning health or a person's sex life or sexual orientation, or data relating to criminal convictions or offences. 8 This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. 9 This requirement may be satisfied by the sub-processor acceding to these Clauses under the appropriate Module, in accordance with Clause 7. 10 That period may be extended by a maximum of two more months, to the extent necessary taking into account the complexity and number of requests.The data importer shall duly and promptly inform the data subject of any such extension. 11 The data importer may offer independent dispute resolution through an arbitration body only if it is established in a country that has ratified the New York Convention on Enforcement of Arbitration Awards. 12 As regards the impact of such laws and practices on compliance with these Clauses, different elements may be considered as part of an overall assessment. Such elements may include relevant and documented practical experience with prior instances of requests for disclosure from public authorities, or the absence of such requests, covering a sufficiently representative time-frame.This refers in particular to internal records or other documentation, drawn up on a continuous basis in accordance with due diligence and certified at senior management level, provided that this information can be lawfully shared with third parties. Where this practical experience is relied upon to conclude that the data importer will not be prevented from complying with these Clauses, it needs to be supported by other relevant, objective elements, and it is for the Parties to consider carefully whether these elements together carry sufficient weight, in terms of their reliability and representativeness, to support this conclusion. In particular,the Parties have to take into account whether their practical experience is corroborated and not contradicted by publicly available or otherwise accessible, reliable information on the existence or absence of requests within the same sector and/or the application of the law in practice, such as case law and reports by independent oversight bodies. APPENDIX EXPLANATORY NOTE: It must be possible to clearly distinguish the information applicable to each transfer or category of transfers and, in this regard, to determine the respective role(s)of the Parties as data exporter(s)and/or data importer(s). This does not necessarily require completing and signing separate appendices for each transfer/category of transfers and/or contractual relationship,where this transparency can [be]achieved through one appendix. However,where necessary to ensure sufficient clarity, separate appendices should be used. 15 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF ANNEX A. LIST OF PARTIES Data exporter(s):The entity identified as"Customer" in the DPA or Services Agreement Data importer(s): Governmentjobs.com, Inc. (D/B/A/ NEOGOV), parent company of PowerDMS, Inc., Cuehit, Inc., Ragnasoft LLC (D/B/A/PlanIT Schedule), and Design PD, LLC(D/B/A Agency360)(collectively, "NEOGOV") 1. Name: NEOGOV 2120 Park Place, Suite 100, El Segundo, CA 90245 Contact Anurag Ojha, CISO and contact details:Tel.: 310-426-6304 Fax: 310-426-6305 privacy(a�governmentjobs.com Activities relevant to the data transferred under these Clauses: NEOGOV provides cloud-based human resource and public safety software services and support solutions which process Personal Data upon the written instruction of the data exporter in accordance with the terms of the Services Agreement and this DPA. Role (controller/processor): processor B. DESCRIPTION OF TRANSFER Categories of data subjects whose personal data is transferred Data exporter may submit Personal Data to the SCC Services,the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of data subjects: •Customers, business partners, prospects, vendors,job applicants, employees,agents, advisors, freelancers, or contact persons of data exporter(who are natural persons), as well as employees or contact persons of all of the foregoing •Any other users (who are natural persons)authorized by data exporter to use the SCC Services Categories of personal data transferred Data exporter may submit Personal Data to the SCC Services,the extent of which is determined and controlled by the data exporter in its sole discretion, and which may include, but is not limited to the following categories of Personal Data: • First and last name • Title • Position • Employer • Contact information (company, email, phone, physical business address) • ID data • Professional life data • Personal life data • Connection data • Localisation data • Driver's license, social security number, other government identifiers • Address • Work and education history • Age • Signature Sensitive data transferred(if applicable)and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. 16 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF • Data exporter may submit special categories of data to the Services,the extent of which is determined and controlled by the data exporter in its sole discretion, and which is for the sake of clarity Personal Data with information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs,trade- union membership, and the processing of data concerning health or sex life The frequency of the transfer(e.g. whether the data is transferred on a one-off or continuous basis). Transfer is continuous Nature of the processing Collecting, storing, deleting, altering, transferring and other processing as set forth in the agreement between the data exporter and data importer or data importer's affiliate for the provision of data importer's cloud-based human resource and public safety software services and support solutions, and related support, maintenance, implementation and training services Purpose(s) of the data transfer and further processing The objective of Processing of Personal Data by data importer is in furtherance of servicing the Customer, as well as the performance and operation of the SCC Services pursuant to the Services Agreement. The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period Duration of the processing shall correspond to the duration of the Services Agreement except where otherwise required by applicable law or legal obligation, or for NEOGOV to protect its rights or those of a third party. For transfers to (sub-)processors, also specify subject matter, nature and duration of the processing When sub-processors are involved (see list provided), transfer is limited to transfer necessary for the performance of the agreement, and for its duration. C. COMPETENT SUPERVISORY AUTHORITY MODULE TWO:Transfer controller to processor Identify the competent supervisory authoritylies in accordance with Clause 13, and where possible, select the Irish Data Protection Commission. 17 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF ANNEX II -TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO:Transfer controller to processor EXPLANATORY NOTE: The technical and organisational measures must be described in specific(and not generic)terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications)to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Data importer will maintain administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of any Personal Data uploaded to the SCC Services or otherwise maintained on behalf of data exporter(as Data Controller). Data importer reserves the right to update the security controls from time-to-time, provided that at no time shall data importer materially and to the adverse impact of data exporter, decrease the overall security of the SCC Services during a subscription term. Measures in place: • Measures of pseudonym isation and encryption of personal data • Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services • Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident • Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing • Measures for user identification and authorisation • Measures for the protection of data during transmission • Measures for the protection of data during storage • Measures for ensuring system configuration, including default configuration • Measures for internal IT and IT security governance and management • Measures for certification/assurance of processes and products For transfers to (sub-)processors, also describe the specific technical and organisational measures to be taken by the (sub-)processor to be able to provide assistance to the controller and, for transfers from a processor to a sub- processor, to the data exporter ANNEX III—LIST OF SUB-PROCESSORS MODULE TWO:Transfer controller to processor MODULE THREE:Transfer processor to processor The controller has authorized the use of the following sub-processors: Sub-Processor Use NEOGOV or PowerDMS Products Amazon Web Services Compute, storage, email sending from in app PowerDMS Google Customer communications, analytics All Salesforce Sales process and customer service All GuideCS Implementation All 18 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD1 1 B87EDAF Docebo Implementation, training PowerDMS Gainsight Analytics All DataDog Application health monitoring PowerDMS AppDynamics Application health monitoring NEOGOV MailGun Outbound email service NEOGOV Twilio Outbound email and text messaging PowerDMS Azure Commercial Cloud Computer and storage NEOGOV 19 Docusign Envelope ID:02A7246A-8033-4EOD-B52E-4CD11 B87EDAF TM P(bwerDMS N E OV Digital Management Software i%WWWC&"" PROFESSIONAL SERVICES ADDENDUM 1. DEFINITIONS. "NEOGOV Intellectual Property"shall have the meaning set forth in the Agreement. 2. PROFESSIONAL SERVICES PROVISIONS. 2.1 Description of Professional Services. NEOGOV will provide the professional services to Customer as described in the applicable Order Form and/or Statement of Work which may include the following: training, set-up, implementation, Insight consultation, and/or assessment of and best practices concerning the SaaS Applications ("Professional Services"). Professional Services for initial product implementation or new user training purchased by a new Customer must be utilized within ninety(90)days of the Go-Live date for such products.Training and assessment services purchased by Customers after the Go-Live date must be used within ninety(90)days of the applicable Order Form or SOW,provided that for training related to Insight assessment the training hours must be used within ninety(90)days of the assessment completion date. 2.2 Customer's Obligations. Customer agrees to provide assistance,cooperation,information, equipment, and data reasonably necessary to enable NEOGOV to perform the Professional Services (collectively, "Customer Cooperation"). Customer acknowledges that NEOGOV's ability to provide Professional Services as set forth herein may be affected if Customer does not provide Customer Cooperation. 2.3 Project Management. Each party shall designate a project manager who shall work together with the other party's project manager to facilitate the efficient delivery of the Professional Services. 2.4 Change Order. In order to change the description of Professional Services under a Statement of Work, Customer will submit a written request to NEOGOV specifying the proposed changes in detail and NEOGOV will provide an estimate of the charges and anticipated changes in the delivery schedule that will result from the proposed change.NEOGOV will continue performing the Professional Services in accordance with this Addendum and the applicable Statement of Work until the parties agree in writing on the change in scope of work,scheduling,and fees. NEOGOV shall not be responsible for a delay, in the performance of the Services resulting from such change order. 2.5 Proprietary Rights. NEOGOV shall own and retain all right, title and interest in and to the NEOGOV Intellectual Property and/or any and all derivatives,enhancements or modifications to the NEOGOV Intellectual Property,and all intellectual property and proprietary rights worldwide relating thereto. NEOGOV grants to Customer, for Customer's internal business purpose only,a non-exclusive,non-transferable,royalty-free license to use such NEOGOV Intellectual Property solely in connection with Customer's use of the services;provided,however,that the forgoing license does not include the right to modify, reverse engineer or otherwise alter the NEOGOV Intellectual Property or develop,offer or otherwise provide any product or service intended to replace or otherwise compete with the Services provided by NEOGOV in the Statement of Work. 2.6 Warranty.NEOGOV warrants for 90 days from the performance of any Professional Services by NEOGOV that such Professional Services shall be performed in a professional and workmanlike manner consistent with generally accepted industry standards.Customer must report in writing any breach of this warranty to NEOGOV during the relevant warranty period, and Customer's exclusive remedy and NEOGOV's entire liability for any breach of such warranty shall be the reperformance of the nonconforming Professional Services,or if NEOGOV is unable to perform the Professional Services as warranted,Customer shall be entitled to a refund of the fees paid to NEOGOV for the nonconforming Professional Services. 2.7 Acceptance. Customer must notify NEOGOV in writing within ten days of the delivery of the Professional Services that Customer believes such Professional Services are nonconforming, otherwise such Professional Services will be deemed to have been accepted by Customer. Customer's exclusive remedy and NEOGOV's entire liability for any nonconformance of the Professional Services shall be the reperformance of the nonconforming Professional Services,or if NEOGOV is unable to perform the Professional Services to be conforming,Customer shall be entitled to a refund of the fees paid to NEOGOV for the nonconforming Professional Services. 3. PAYMENT PROVISIONS. 3.1 Fees. Professional Services shall be provided under this Addendum at the rates set forth in the applicable Statement of Work or Order Form. 3.2 Payment Type. Unless otherwise stated in an applicable Order Form or Statement of Work,the Professional Services are provided on a fixed fee basis. Customer shall pay NEOGOV the fees stated in the applicable Statement of Work or Order Form plus all pre-approved travel and living expenses("Expenses"). 1